TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

Inuschka · 16.11.2009, 21:52

zweiter Teil

Code:

ATTFilter

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WireLessMouse] C:\Programme\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range78 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.19 15:43:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.11.16 19:26:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.11.16 19:21:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.16 19:21:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.16 19:21:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.16 19:21:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.16 19:21:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.16 19:19:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.16 18:56:08 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\iris\Recent
[2009.11.16 18:33:46 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.16 11:37:44 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe
[2009.11.12 12:14:41 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009.11.12 12:14:03 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\iris\Desktop\VundoFix.exe
[2009.11.12 11:59:39 | 00,000,000 | ---D | C] -- C:\Programme\HijackThis
[2009.11.02 14:44:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\skypePM
[2009.11.02 14:32:22 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Skype
[2009.11.02 14:31:03 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2009.11.02 14:30:58 | 00,000,000 | R--D | C] -- C:\Programme\Skype
[2009.11.02 14:30:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.11.16 21:41:34 | 09,891,872 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009.11.16 21:20:05 | 00,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009.11.16 21:19:15 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.16 21:16:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.16 21:15:17 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.16 21:13:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.16 21:13:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.16 21:12:26 | 00,118,772 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009.11.16 21:12:13 | 06,029,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXX\NTUSER.DAT
[2009.11.16 21:12:13 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\XXX\ntuser.ini
[2009.11.16 19:26:39 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009.11.16 19:15:48 | 03,560,773 | R--- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\cofi.exe
[2009.11.16 19:12:10 | 03,148,854 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\fehler.bmp
[2009.11.16 18:33:47 | 00,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\CCleaner.lnk
[2009.11.16 11:40:35 | 00,291,840 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mjp2vgv5.exe
[2009.11.16 11:36:59 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe
[2009.11.15 23:33:54 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\inyasxy
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.11.13 17:17:27 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2009.11.12 12:13:33 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\iris\Desktop\VundoFix.exe
[2009.11.12 09:30:53 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.07 00:02:52 | 00,029,790 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\pod.jpg
[2009.11.06 19:36:46 | 04,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Studienarbeit_06112009.pdf
[2009.11.06 13:49:39 | 00,124,821 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\rui.jpg
[2009.11.05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009.11.04 15:52:41 | 00,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.11.04 15:52:41 | 00,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.04 15:52:41 | 00,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.11.04 15:52:41 | 00,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.04 15:52:40 | 01,078,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.02 14:44:38 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.11.01 17:35:50 | 00,084,289 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\mdbu.bin
[2009.10.27 13:35:50 | 00,727,387 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\PICT0048.JPG
[2009.10.25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.11.16 19:26:38 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009.11.16 19:26:29 | 00,262,448 | ---- | C] () -- C:\cmldr
[2009.11.16 19:21:51 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.11.16 19:21:51 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.11.16 19:21:51 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.11.16 19:21:51 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.16 19:21:51 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.11.16 19:18:04 | 03,560,773 | R--- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\cofi.exe
[2009.11.16 19:12:09 | 03,148,854 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\fehler.bmp
[2009.11.16 18:33:47 | 00,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\CCleaner.lnk
[2009.11.16 11:40:47 | 00,291,840 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mjp2vgv5.exe
[2009.11.15 23:33:54 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\inyasxy
[2009.11.07 00:02:37 | 00,029,790 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\pod.jpg
[2009.11.06 19:36:46 | 04,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Studienarbeit_06112009.pdf
[2009.11.06 13:49:39 | 00,124,821 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\rui.jpg
[2009.11.06 13:25:37 | 00,568,101 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\100_1927.JPG
[2009.11.02 14:44:38 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.27 13:35:44 | 00,727,387 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\PICT0048.JPG
[2009.10.14 21:46:51 | 00,084,289 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\mdbu.bin
[2009.07.09 00:35:57 | 00,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2009.07.02 08:19:08 | 00,002,465 | R--- | C] () -- C:\WINDOWS\OOIDRV.INI
[2009.06.05 14:26:28 | 00,000,222 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5.INI
[2009.06.05 14:13:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.06.05 14:07:58 | 00,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2009.06.05 14:07:51 | 00,001,104 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.12.07 19:28:53 | 00,000,282 | ---- | C] () -- C:\WINDOWS\avwin.ini
[2008.06.19 11:41:16 | 00,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008.06.14 21:13:32 | 00,000,102 | ---- | C] () -- C:\WINDOWS\afarechner.INI
[2008.05.26 14:53:48 | 00,000,073 | ---- | C] () -- C:\WINDOWS\MINDMA~1.INI
[2008.05.13 22:45:41 | 00,001,385 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.11.26 22:40:28 | 00,000,658 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.11.17 21:33:19 | 00,403,167 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\mdb.bin
[2007.11.17 19:24:37 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.11.17 19:24:37 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.11.17 19:24:37 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.11.17 19:24:36 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.11.17 19:24:36 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.09.30 17:56:30 | 00,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.09 12:24:56 | 06,427,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2007.06.26 10:11:30 | 00,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.06.09 19:49:50 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007.06.09 19:49:50 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2007.06.09 19:49:24 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007.06.07 21:57:25 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.06.05 15:30:41 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.06.05 14:34:28 | 00,237,568 | ---- | C] () -- C:\WINDOWS\NwtGatewayDLL.dll
[2007.06.05 14:34:28 | 00,001,109 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini
[2007.05.04 10:02:35 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007.03.28 19:30:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.02.21 15:32:55 | 00,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2007.01.13 12:20:39 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006.12.28 18:37:18 | 00,000,076 | ---- | C] () -- C:\WINDOWS\ds3sim.INI
[2006.09.12 20:04:57 | 00,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.07.30 15:18:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\avx.ini
[2006.07.23 15:06:01 | 00,000,029 | ---- | C] () -- C:\WINDOWS\USB Downloader.INI
[2006.07.03 17:57:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\wordinst.dll
[2006.07.03 12:37:54 | 00,058,608 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2006.07.03 11:11:24 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.07.03 01:27:53 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\desktop.ini
[2006.07.03 01:27:52 | 00,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.06.29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005.12.20 12:45:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.20 11:56:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.12.20 11:56:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.12.20 11:56:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.12.20 11:56:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.12.20 11:56:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.12.20 11:56:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.12.20 11:39:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005.12.19 16:04:13 | 00,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.12.19 15:35:12 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2005.12.19 07:27:30 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005.12.19 07:27:18 | 00,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.12.19 07:26:48 | 00,000,626 | ---- | C] () -- C:\WINDOWS\win.ini
[2005.12.19 07:26:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.09.02 13:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003.02.20 17:53:42 | 00,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

Plagegeister aller Art und deren Bekämpfung: TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

Ähnliche Themen: TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll