Ordnerinhalt nicht zugreifbar - Datenbelegung jedoch unter Eigenschaften sichtbar

djmarocco · 02.06.2012, 23:10

Liebes Forum Team:

Ich habe nach einer Attake eines Trojaners (über Antivir entdeckt) diesen gelöscht. Anschließend wurde mir vom System angezeigt dass meine Festplattein einem kritischen Zustand sei, und mir ein Kauf eines 84 $teuren Tool angeboten wurde. Ich habeWindows neu installiert, daich keinerlei Zugriff auf meine Bibiliotheken hatte. Ich habe zwei Ordner im Rootverzeichnis von C:\: Dokumenteund Bilder. Beide Ordner zeigen mir den Inhalt nicht an (Anzeigen von versteckten Datein habeich natürlich überprüft), bei Rechtsklick/Eigenschaften wird mir aber eine Blegung des Ordners mit Dateien und Unterordner angezeigt.

Anbei die Log-Files:

OLT:
OTL logfile created on: 02.06.2012 23:29:03 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Sarah\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1015,43 Mb Total Physical Memory | 344,63 Mb Available Physical Memory | 33,94% Memory free
1,99 Gb Paging File | 1,15 Gb Available in Paging File | 57,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 86,70 Gb Free Space | 77,62% Space Free | Partition Type: NTFS

Computer Name: SARAH-PC | User Name: Max Mustermann| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.02 23:14:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2012.06.02 20:03:52 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009.07.14 03:15:38 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

========== Driver Services (SafeList) ==========

DRV - [2010.12.30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RKHit.sys -- (RkHit)
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 35 92 85 9F 40 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [SCHelper.exe] C:\Program Files\Spyware Cease 2011\SCHelper.exe (QW Computer)
O4 - HKLM..\Run: [SpywareCease2011.exe] C:\Program Files\Spyware Cease 2011\SpywareCease2011.exe (QW Computer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A36A9E62-3D61-44D6-8778-CFFF3E2E6946}: DhcpNameServer = 195.34.133.21 212.186.211.21
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.02 23:14:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012.06.02 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Google
[2012.06.02 20:30:28 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.06.02 19:58:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.06.02 12:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.06.02 12:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.06.02 12:14:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Google
[2012.06.02 12:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.06.02 12:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.02 11:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Cease 2011
[2012.06.02 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Cease 2011
[2012.06.02 11:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente
[2012.06.02 11:03:14 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.06.02 10:49:45 | 000,000,000 | R--D | C] -- C:\Bilder
[2012.06.02 10:48:34 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2012.06.02 10:48:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012.06.02 10:44:57 | 000,000,000 | R--D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.02 10:44:57 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Searches
[2012.06.02 10:44:57 | 000,000,000 | R--D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.02 10:44:57 | 000,000,000 | -H-D | C] -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012.06.02 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Identities
[2012.06.02 10:44:47 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Contacts
[2012.06.02 10:44:36 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\VirtualStore
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\AppData\Local\Temporary Internet Files
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Templates
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Start Menu
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\SendTo
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Recent
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\PrintHood
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\NetHood
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Documents\My Videos
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Documents\My Pictures
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Documents\My Music
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\My Documents
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Local Settings
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\AppData\Local\History
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Cookies
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\Application Data
[2012.06.02 10:44:29 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\AppData\Local\Application Data
[2012.06.02 10:44:26 | 000,000,000 | --SD | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Videos
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Saved Games
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Pictures
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Music
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Links
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Favorites
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Downloads
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Documents
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Desktop
[2012.06.02 10:44:26 | 000,000,000 | R--D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.02 10:44:26 | 000,000,000 | -H-D | C] -- C:\Users\Sarah\AppData
[2012.06.02 10:44:26 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Temp
[2012.06.02 10:44:26 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Microsoft
[2012.06.02 10:44:26 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Media Center Programs
[2012.06.02 10:39:39 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.06.02 10:34:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.06.02 10:32:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.06.02 10:31:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.06.02 23:29:12 | 000,786,432 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT
[2012.06.02 23:14:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012.06.02 23:03:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.02 23:02:10 | 000,013,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 23:02:10 | 000,013,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 22:53:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.02 20:18:34 | 000,057,560 | ---- | M] () -- C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.06.02 20:03:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.02 19:59:50 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.06.02 19:59:50 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.02 19:59:50 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.02 19:55:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.06.02 19:55:26 | 798,564,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.02 12:14:53 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.06.02 11:21:55 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\06-02-2012_112155.job
[2012.06.02 11:21:11 | 000,001,099 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Cease 2011.lnk
[2012.06.02 11:21:11 | 000,001,075 | ---- | M] () -- C:\Users\Sarah\Desktop\Spyware Cease 2011.lnk
[2012.06.02 11:06:39 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.06.02 11:06:39 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.06.02 11:06:39 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.06.02 10:47:22 | 000,001,407 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.06.02 10:44:29 | 000,000,020 | -HS- | M] () -- C:\Users\Sarah\ntuser.ini
[2012.06.02 10:36:28 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.02 10:34:56 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2012.06.02 20:18:34 | 000,057,560 | ---- | C] () -- C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.06.02 19:58:24 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.02 12:14:53 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.06.02 12:14:49 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.02 11:21:55 | 000,000,470 | ---- | C] () -- C:\Windows\tasks\06-02-2012_112155.job
[2012.06.02 11:21:11 | 000,001,099 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Cease 2011.lnk
[2012.06.02 11:21:11 | 000,001,075 | ---- | C] () -- C:\Users\Sarah\Desktop\Spyware Cease 2011.lnk
[2012.06.02 11:21:02 | 000,034,736 | ---- | C] () -- C:\Windows\System32\drivers\RKHit.sys
[2012.06.02 10:47:22 | 000,001,407 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.06.02 10:45:00 | 000,001,413 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.02 10:44:29 | 000,000,020 | -HS- | C] () -- C:\Users\Sarah\ntuser.ini
[2012.06.02 10:44:27 | 000,524,288 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.06.02 10:44:27 | 000,524,288 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.06.02 10:44:27 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.06.02 10:44:27 | 000,000,290 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.06.02 10:44:27 | 000,000,272 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.06.02 10:44:26 | 000,786,432 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT
[2012.06.02 10:43:12 | 000,713,888 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.06.02 10:34:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.06.02 10:34:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.06.02 10:31:27 | 798,564,352 | -HS- | C] () -- C:\hiberfil.sys

========== LOP Check ==========

[2012.06.02 11:21:55 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\06-02-2012_112155.job
[2009.07.14 06:53:46 | 000,001,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.06.02 10:44:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.06.02 20:41:02 | 000,000,000 | R--D | M] -- C:\Bilder
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.06.02 11:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.02 19:58:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.06.02 12:14:36 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.06.02 10:39:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.06.02 23:30:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.02 10:44:26 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.02 19:58:25 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.06.02 23:34:45 | 000,786,432 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT
[2012.06.02 23:34:45 | 000,262,144 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat.LOG1
[2012.06.02 10:44:27 | 000,000,000 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat.LOG2
[2012.06.02 11:06:39 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.06.02 11:06:39 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.06.02 11:06:39 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.06.02 10:44:29 | 000,000,020 | -HS- | M] () -- C:\Users\Sarah\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >
[2011.06.24 19:05:24 | 000,235,184 | ---- | M] (Google Inc.) -- C:\Users\Sarah\Local Settings\Temp\GoogleToolbarInstaller_stub_signed.exe
[8 C:\Users\Sarah\Local Settings\Temp\*.tmp files -> C:\Users\Sarah\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Local Settings\Temp\*.dll >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) -- C:\Users\Sarah\Local Settings\Temp\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Users\Sarah\Local Settings\Temp\dxtrans.dll
[2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Users\Sarah\Local Settings\Temp\es.dll
[2009.07.14 03:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Sarah\Local Settings\Temp\ieframe.dll
[2009.07.14 03:15:52 | 001,233,408 | ---- | M] (Microsoft Corporation) -- C:\Users\Sarah\Local Settings\Temp\msxml3.dll
[8 C:\Users\Sarah\Local Settings\Temp\*.tmp files -> C:\Users\Sarah\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

< End of report >

Extras:

OTL Extras logfile created on: 02.06.2012 23:29:03 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Max Mustermann\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1015,43 Mb Total Physical Memory | 344,63 Mb Available Physical Memory | 33,94% Memory free
1,99 Gb Paging File | 1,15 Gb Available in Paging File | 57,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 86,70 Gb Free Space | 77,62% Space Free | Partition Type: NTFS

Computer Name: Max Mustermann-PC | User Name: Max Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1864A73B-F303-486A-B22A-B56A3C3374B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{26EA7369-F7AB-4E72-ACF6-375A144C6ED6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2ADCF6B5-033F-4826-9999-E7E397B4ECD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C37A5AC-7173-4A20-B16D-BDABEF8551F2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2F82E1D5-E603-49B9-B4C9-9ED3BA74C75A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B951E6E-ACEF-4DB9-A7FC-78D8D367880B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C083A12-8033-4526-BC09-8977A57F10D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C57181A-B590-4380-B80F-1F1014774B17}" = rport=445 | protocol=6 | dir=out | app=system |
"{83209B5C-E488-47EA-A02E-C09BDE9485B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8F416B41-145A-4450-91AC-8F9F48A3C31C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96A18B2B-CA87-4C50-88F5-0401D9F91B0A}" = rport=139 | protocol=6 | dir=out | app=system |
"{975B7AED-7638-488E-B96F-63A314E75AF7}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8064478-83D2-4BDF-A11F-8A50AD06EF31}" = lport=139 | protocol=6 | dir=in | app=system |
"{C2FAD38E-570C-4BBD-A9A8-DDCB5A4709A5}" = rport=138 | protocol=17 | dir=out | app=system |
"{CFC62D1E-17CF-42A6-9209-912BA6BA69BC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D75FE635-4002-472C-B7FD-B0BE1ED25F94}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D78069BC-F4C2-4DA1-A6C4-0F15CF6B8A0E}" = lport=137 | protocol=17 | dir=in | app=system |
"{D85FCFFD-122D-4EF4-BB49-8ECD798CE02A}" = lport=445 | protocol=6 | dir=in | app=system |
"{E2293F61-16A0-4873-B9C9-0033F43510EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E554475A-4DC8-4358-A308-2027194F6606}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC74CB3B-CC85-4E5A-8A26-66A42CEFCDEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DFC9E26-10F9-40F6-B3B6-AD04EC27EB8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BAC3C73-5026-41D3-9452-F134D43172B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CF26F37-C11E-4236-AF4B-FFCD732B69EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A0F1F87-E4F8-4F9F-8DB4-ABD5594F6C9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{61152004-3BB7-44CF-AF65-7D4E488DCA40}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{670DC5FF-C9E7-4FAF-91D9-A31B7B53C1EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EBC73CD-0AF8-441C-96AD-62CF58372040}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5E201FB-5D4A-4B64-AA44-C103FD42A0F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C03C9BBE-412C-4C5C-9B82-C76FAE0DB31F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5A48659-2337-4C04-8ABC-6F3FD369BFBD}" = protocol=6 | dir=out | app=system |
"{CB7EF5E6-5C74-4ADF-B753-203EA980139C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF026C3A-43C6-4DD0-884F-FFCA4D6EFD65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCA136EB-1958-47C7-A281-3D87CEF81D06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E851DC87-9FDA-412C-9A92-B707206216F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EDEACC25-F1E5-42AD-BC38-014498DA21C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F72148C6-FF20-45E7-B1E7-56BC07C8A3EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Recuva" = Recuva
"Spyware Cease 2011_is1" = Spyware Cease v7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02.06.2012 17:25:08 | Computer Name = Max Mustermann-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e14 Start Time:
01cd4104db407db8 Termination Time: 0 Application Path: C:\Users\Max Mustermann\Desktop\OTL.exe

Report
Id: 5f8f5839-acf9-11e1-bde5-001b38b74fd1

[ System Events ]
Error - 02.06.2012 13:42:02 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:44:10 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:44:10 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:44:10 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:49:10 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:49:10 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:49:10 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:51:16 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:51:16 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 02.06.2012 13:51:16 | Computer Name = Max Mustermann-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

< End of report >

gmer:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-02 23:51:26
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHY2120BH rev.890B
Running: gd1ws86b.exe; Driver: C:\Users\Max Mustermann\AppData\Local\Temp\fgloypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8285B579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8287FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text autochk.exe 004311D1 73 Bytes [10, 08, FE, 75, 41, 8B, 4D, ...]
.text autochk.exe 0043121B 4 Bytes [0F, 84, C8, 00]
.text autochk.exe 00431220 129 Bytes [00, 83, 7D, 18, 00, 7E, 6D, ...]
.text autochk.exe 004312A2 1 Byte [00]
.text autochk.exe 004312A2 7 Bytes [00, 00, C7, 44, 01, 04, 00]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!GetAsyncKeyState 75A0C09A 5 Bytes JMP 72B1D6D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!UnhookWindowsHookEx 75A0CC7B 5 Bytes JMP 72C17E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!CreateWindowExW 75A10E51 5 Bytes JMP 72C07AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!IsDialogMessageW 75A16F06 5 Bytes JMP 72B23FE8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxIndirectParamW 75A34AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!EndDialog 75A3555C 5 Bytes JMP 72B25873 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxParamW 75A3564A 5 Bytes JMP 72B2490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] SHELL32.dll!SHChangeNotification_Lock + 45BE 766DB3D8 4 Bytes [11, 36, 84, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] SHELL32.dll!SHChangeNotification_Lock + 45C6 766DB3E0 8 Bytes [5F, 35, 84, 6E, D0, 73, 83, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!CoCreateInstance 763F57FC 5 Bytes JMP 72C08595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!CreateWindowExW 75A10E51 5 Bytes JMP 72C07AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamW 75A34AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamW 75A3564A 5 Bytes JMP 72B2490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000041 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Betriebssystem: Win 7 32 bit

Vielen Dank für eureHilfeim Vorhinein.

Liebe Grüße aus Wien

Markus Bittner

cosinus · 05.06.2012, 13:57

Zitat:

Ich habe nach einer Attake eines Trojaners (über Antivir entdeckt) diesen gelöscht.

Absolut nichtssagend
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Ordnerinhalt nicht zugreifbar - Datenbelegung jedoch unter Eigenschaften sichtbar

Plagegeister aller Art und deren Bekämpfung: Ordnerinhalt nicht zugreifbar - Datenbelegung jedoch unter Eigenschaften sichtbar

Ordnerinhalt nicht zugreifbar - Datenbelegung jedoch unter Eigenschaften sichtbar

Ordnerinhalt nicht zugreifbar - Datenbelegung jedoch unter Eigenschaften sichtbar

Ähnliche Themen: Ordnerinhalt nicht zugreifbar - Datenbelegung jedoch unter Eigenschaften sichtbar