Pests of all kinds and their removal: Encryption Trojan <OTL LOG Inside> (Windows 7)
18.06.2012, 17:01 | #1
Encryption Trojan <OTL LOG Inside>

Hello, a friend of mine caught this Trojan and I have already run OTL from a boot disk and got the following log. Which things should I fix there? Many thanks for a quick reply:

Code:
OTL logfile created on: 6/18/2012 6:54:12 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

255.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 25.00% Memory free
215.00 Mb Paging File | 93.00 Mb Available in Paging File | 43.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.26 Gb Total Space | 24.99 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
Drive D: | 31.25 Gb Total Space | 29.99 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Drive E: | 6.01 Gb Total Space | 2.81 Gb Free Space | 46.74% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2004/09/29 07:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/01/04 13:10:42 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2001/02/23 05:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (PxHelp20)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (cel90xbe)
DRV - [2008/04/20 10:08:32 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/03/23 15:13:06 | 000,011,841 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2005/03/23 15:12:56 | 000,014,528 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hcw88ts.sys -- (hcw88ts)
DRV - [2005/03/23 15:12:54 | 000,130,112 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2005/03/23 15:12:50 | 000,011,586 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | System] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2004/08/04 02:10:12 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004/08/04 02:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004/01/05 17:09:23 | 000,108,032 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SSHDRV62.sys -- (SSHDRV62)
DRV - [2002/04/30 11:11:00 | 000,133,026 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rob_v.sys -- (ROB_V)
DRV - [2002/04/02 09:05:24 | 000,006,369 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pctvvbi.sys -- (pctvvbi)
DRV - [2002/02/07 10:08:10 | 000,020,064 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rob_a.sys -- (ROB_A)
DRV - [2002/01/29 18:42:00 | 000,104,668 | ---- | M] (NVIDIA Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2002/01/29 18:42:00 | 000,010,414 | ---- | M] (NVIDIA Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2002/01/25 03:44:09 | 000,027,924 | ---- | M] (MusicMatch, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/01/25 03:21:25 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/01/10 12:40:38 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/12/10 11:25:22 | 000,357,070 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/12/07 08:29:52 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/04 11:50:08 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CTXH51.sys -- (ham50)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lea_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.metabolic-balance.com/de/
IE - HKU\Lea_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.de
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.de
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2001/08/18 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Corel Reminder] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [MMTray] C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe (MusicMatch)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [PCTVRemote] C:\Programme\Pinnacle\Pinnacle PCTV\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Besitzer_ON_C..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AolMIcon.exe (AOL Deutschland)
O4 - HKU\Gast_ON_C..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AolMIcon.exe (AOL Deutschland)
O4 - Startup: C:\Dokumente und Einstellungen\Lea\Rbsnzilhrbs\upgevalmmz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gast_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Lea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Lea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201790576357 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201794611233 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/01/25 01:30:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5d4cdcce-c52e-11dd-8e3e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{5d4cdcce-c52e-11dd-8e3e-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d4cdcce-c52e-11dd-8e3e-00038a000015}\Shell\AutoRun\command - "" = H:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 06:36:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lea\Rbsnzilhrbs
[4 C:\Dokumente und Einstellungen\Lea\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Lea\Eigene Dateien\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/18 09:28:21 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 09:28:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 09:28:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/18 09:28:13 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 10:04:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 06:36:15 | 000,059,927 | ---- | M] () -- C:\Dokumente und Einstellungen\Lea\Rbsnzilhrbs\upgevalmmz.exe
[2012/06/14 11:59:43 | 000,111,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Lea\Eigene Dateien\GEdqtLVjxodqsLfjxEU
[2012/06/14 11:27:23 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\Lea\Desktop\Microsoft Word.lnk
[2012/06/12 10:23:19 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/05/31 14:22:24 | 000,110,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Lea\Eigene Dateien\aOsQpNDJTgeuXrDv
[2012/05/25 04:18:09 | 000,167,343 | ---- | M] () -- C:\Dokumente und Einstellungen\Lea\Eigene Dateien\jnEdytnVjGEUytL
[2012/05/25 04:10:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/05/21 12:10:09 | 000,107,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Lea\Eigene Dateien\ndVqxndAtEfyxLd
[4 C:\Dokumente und Einstellungen\Lea\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Lea\Eigene Dateien\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/25 04:18:01 | 000,167,343 | ---- | C] () -- C:\Dokumente und Einstellungen\Lea\Eigene Dateien\jnEdytnVjGEUytL
[2012/02/20 06:58:38 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2008/02/04 14:07:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/01/31 11:15:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/05/11 12:48:44 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/05/11 12:44:23 | 000,113,604 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2007/05/11 12:44:22 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2007/01/29 15:03:54 | 000,001,098 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TsluXgevarDQpgeJTrDQ
[2007/01/29 15:03:53 | 000,112,708 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2007/01/29 15:03:53 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/11/20 09:01:06 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/09/05 17:01:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2005/05/31 15:49:33 | 000,000,399 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2005/05/31 15:49:30 | 000,026,591 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2005/05/31 15:49:19 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2005/05/31 15:49:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2005/05/31 15:47:58 | 000,001,986 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2005/05/31 15:42:29 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2005/05/16 17:08:05 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2004/09/23 14:40:52 | 000,006,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\Lea\dyAsLdyxEVjsnU
[2004/09/03 08:27:57 | 000,000,009 | ---- | C] () -- C:\Dokumente und Einstellungen\Lea\xoLVjxodqsnVjxo
[2004/06/07 18:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/03/27 09:19:16 | 000,014,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Lea\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/10 10:21:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\asym.ini
[2004/01/05 17:09:23 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys
[2003/12/17 12:35:14 | 000,000,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AoLdqGoVAsndqGo
[2003/12/17 12:35:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2003/11/27 09:30:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/25 05:30:15 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/06/01 12:34:34 | 000,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI
[2003/06/01 12:34:08 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll
[2003/06/01 12:34:08 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[2003/06/01 12:34:08 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll
[2003/06/01 12:34:08 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll
[2003/06/01 12:34:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
[2003/05/13 19:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[2003/05/13 19:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/02/21 22:44:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2002/02/21 22:02:24 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2002/02/21 22:02:23 | 000,352,330 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002/02/21 22:02:17 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dmcpl.exe
[2002/01/29 11:20:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/01/29 10:38:25 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2002/01/25 03:39:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2002/01/25 03:36:44 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/01/25 03:34:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/01/25 03:33:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/01/25 02:44:02 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/01/25 01:55:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2002/01/25 01:54:50 | 000,122,880 | ---- | C] () -- C:\WINDOWS\cmuninst.exe
[2002/01/25 01:54:50 | 000,122,880 | ---- | C] () -- C:\WINDOWS\cmuninst.dat
[2002/01/25 01:54:41 | 000,000,199 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2002/01/25 01:54:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2002/01/25 01:36:07 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/01/25 01:33:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/01/25 01:27:51 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/01/25 01:22:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/01/25 01:21:09 | 000,309,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/01/25 01:07:58 | 000,000,894 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/01/25 01:07:39 | 000,443,198 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/01/25 01:07:39 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/01/25 01:07:39 | 000,078,298 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/01/25 01:07:39 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/01/25 01:07:15 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/25 01:07:11 | 000,427,412 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/01/25 01:07:11 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/01/25 01:07:11 | 000,065,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/01/25 01:07:11 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/01/25 01:07:07 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/01/25 01:07:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/01/25 01:07:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/25 01:06:51 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/01/25 01:06:51 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/01/25 01:06:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/01/25 01:06:19 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/01/08 22:23:12 | 000,507,976 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2001/07/06 10:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2001/05/23 17:06:12 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2001/05/23 17:06:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[1601/02/13 04:28:18 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VyAsoVqGLdAsoVqxnd

========== LOP Check ==========

[2002/01/25 02:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InterTrust
[2002/01/25 02:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\InterTrust
[2012/06/15 10:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Image Zone Express
[2002/01/25 02:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lea\Anwendungsdaten\InterTrust
[2007/05/09 10:00:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Leadertech
[2009/02/14 11:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lea\Anwendungsdaten\OpenOffice.org
[2009/02/06 06:45:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lea\Anwendungsdaten\Skinux
[2012/06/15 10:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lea\Anwendungsdaten\TeamViewer
[2008/10/02 12:25:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009/11/24 08:47:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Metabolic
[2012/05/25 04:10:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/05/03 14:40:01 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/06/12 10:23:19 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/05/13 08:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========

< End of report >
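The log above contains the three entries an analyst would pull out first: an autostart in the user profile whose file carries no version information (the O4 Startup line for upgevalmmz.exe), policies that disable Task Manager and Regedit (O6/O7 DisableTaskMgr, DisableRegedit, DisableRegistryTools), and Image File Execution Options "Debugger" values that redirect msconfig, regedit and taskmgr to a missing P9KDMF.EXE (O27). The Python script below is an added example, not part of this thread or of OTL itself; it parses lines in OTL's format and flags those three patterns. The sample lines are constructed from the entries above.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL's line format, modelled on entries from the log above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Lea\Rbsnzilhrbs\upgevalmmz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Lea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
"""

# Policies under ...\policies\System that lock the user out of the admin tools
# needed to inspect and undo the infection.
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegedit", "DisableRegistryTools"}

# O4: Run-key or Startup-folder item; OTL prints the path and, in parentheses,
# the vendor from the file's version information (empty when there is none).
RUN_RE = re.compile(
    r"^O4 - .*?(?:Startup: |\\Run: \[[^\]]*\] )"
    r"(?P<path>[A-Za-z]:\\.*?\.exe)(?: \((?P<vendor>[^)]*)\))?", re.IGNORECASE)
# O6/O7: machine-wide or per-user policy value.
POLICY_RE = re.compile(r"^O[67] - .*\\policies\\System: (?P<name>\w+) = (?P<value>\d+)")
# O27: Image File Execution Options "Debugger" value for a given executable.
IFEO_RE = re.compile(r"^O27 - HKLM IFEO\\(?P<target>[^:]+): Debugger - (?P<debugger>\S+)")
# Paths inside a user profile (German or English XP layout, or Vista+ Users).
PROFILE_RE = re.compile(
    r"^[A-Za-z]:\\(Dokumente und Einstellungen|Documents and Settings|Users)\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def triage(log_text):
    """Return the OTL lines that match one of the three lockdown/persistence patterns."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IFEO_RE.match(line)
        if m:
            # A Debugger value makes Windows start the "debugger" instead of the tool;
            # legitimate software practically never sets it for msconfig/regedit/taskmgr.
            findings.append(Finding(line, f"IFEO debugger hijack: {m['target']} -> {m['debugger']}"))
            continue
        m = POLICY_RE.match(line)
        if m and m["name"] in LOCKDOWN_POLICIES and m["value"] != "0":
            findings.append(Finding(line, f"admin tool disabled by policy {m['name']}"))
            continue
        m = RUN_RE.match(line)
        if m and PROFILE_RE.match(m["path"]) and not (m["vendor"] or "").strip():
            findings.append(Finding(line, "autostart from user profile without version info"))
    return findings


def reasons(log_text):
    """Just the reason strings, in log order."""
    return [f.reason for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The same regexes work on a full OTL log read from a file; the Explorer-key policy (NoDriveTypeAutoRun) and the vendor-signed Run entry are deliberately not flagged.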
19.06.2012, 13:49 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption Trojan <OTL LOG Inside>

Does Safe Mode with Networking still work? With an internet connection?

__________________
Safe Mode for cleanup
19.06.2012, 14:46 | #3
Encryption Trojan <OTL LOG Inside>

Hello,

many thanks for the reply. In the meantime I have got it running again myself, and further scans with Malwarebytes and Eset no longer found anything. Fortunately only the file names were changed, not the contents themselves encrypted. Is there another way to restore the file names without knowing which file type each one was before? Since the PC is an "end-of-life" model and the data will be backed up to a new machine as soon as possible, access was all that mattered to me for now. Many thanks for the effort!
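On the question of restoring the names without knowing the original type: when only the file name was changed, the content still begins with its format's signature, so the type can usually be recovered from the first bytes. The Python script below is an added example and not from this thread; it sniffs a few common signatures (including the zip-based docx/xlsx/odt containers, which need a look inside the archive) and produces a dry-run rename list. The file names in the demo are taken from the log, their contents are constructed.

```python
import io
import os
import tempfile
import zipfile

# Magic-byte table (offset, signature, extension), constructed for this example.
# It covers common document and media types; extend it for the types you expect.
SIGNATURES = [
    (0, b"%PDF-", "pdf"),
    (0, b"\xff\xd8\xff", "jpg"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"GIF89a", "gif"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2 container: legacy Word/Excel
    (0, b"{\\rtf", "rtf"),
    (8, b"WAVE", "wav"),  # RIFF header, format tag at offset 8
]
# OOXML and ODF documents are zip containers; tell them apart by their member names.
ZIP_MARKERS = [("word/", "docx"), ("xl/", "xlsx"), ("ppt/", "pptx")]
ODF_MIMETYPES = {
    "application/vnd.oasis.opendocument.text": "odt",
    "application/vnd.oasis.opendocument.spreadsheet": "ods",
    "application/vnd.oasis.opendocument.presentation": "odp",
}


def _zip_extension(data):
    """Classify a zip container as docx/xlsx/pptx, an ODF type, or plain zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "mimetype" in names:
                mime = zf.read("mimetype").decode("ascii", "replace").strip()
                return ODF_MIMETYPES.get(mime, "zip")
    except zipfile.BadZipFile:
        return None  # starts with "PK" but is truncated or damaged
    for prefix, ext in ZIP_MARKERS:
        if any(n.startswith(prefix) for n in names):
            return ext
    return "zip"


def guess_extension(data):
    """Return an extension derived from the content's magic bytes, or None if unknown."""
    if data.startswith(b"PK\x03\x04"):
        return _zip_extension(data)
    for offset, sig, ext in SIGNATURES:
        if data[offset:offset + len(sig)] == sig:
            return ext
    return None


def propose_renames(directory):
    """Dry run: (old_path, new_path) pairs for extension-less files whose type is known.
    Nothing is renamed here; review the list first and keep copies of the originals."""
    proposals = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or os.path.splitext(name)[1]:
            continue
        with open(path, "rb") as fh:
            data = fh.read()  # whole file: zip detection needs the central directory at the end
        ext = guess_extension(data)
        if ext:
            proposals.append((path, path + "." + ext))
    return proposals


def make_zip(members):
    """Build an in-memory zip from (name, text) pairs; used to construct sample documents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members:
            zf.writestr(member_name, content)
    return buf.getvalue()


def demo_rename_dry_run():
    """Write two constructed files named like the ones in the log and return the proposals."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "GEdqtLVjxodqsLfjxEU"), "wb") as fh:
            fh.write(b"%PDF-1.4\n% constructed sample, not a real document\n")
        with open(os.path.join(tmp, "aOsQpNDJTgeuXrDv"), "wb") as fh:
            fh.write(make_zip([("[Content_Types].xml", "<Types/>"), ("word/document.xml", "<w:document/>")]))
        return [os.path.basename(new) for _old, new in propose_renames(tmp)]


if __name__ == "__main__":
    print(demo_rename_dry_run())
```

Files that were actually encrypted carry no recognisable signature and come back as None; for those, sniffing cannot help and only backups or a decryptor for the specific family will.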