| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
16.11.2009, 23:18
| #1 |
 |  TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll zweiter Teil Code:
ATTFilter Process C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 1392
Library C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 0x00400000
Library C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH) 0x10000000
Library C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH) 0x00B80000
Library C:\Programme\Avira\AntiVir Desktop\sqlite3.dll 0x00CD0000
Process C:\Programme\Apoint\Apoint.exe (Alps Pointing-device Driver/Alps Electric Co., Ltd.) 1640
Library C:\Programme\Apoint\Apoint.exe (Alps Pointing-device Driver/Alps Electric Co., Ltd.) 0x00400000
Library C:\WINDOWS\system32\VXDIF.DLL (Vxdif/Alps Electric Co., Ltd.) 0x10000000
Library C:\Programme\Apoint\ApWheel.dll (Apoint Wheel Support Library/ALPS ELECTRIC CO., LTD.) 0x00920000
Library C:\Programme\Apoint\Apoint.DLL (Alps Pointing-device Driver/Alps Electric Co., Ltd.) 0x009F0000
Library C:\Programme\Apoint\ApRes.dll (Alps Pointing-device Driver/Alps Electric Co., Ltd.) 0x010A0000
Library C:\Programme\Apoint\EzAuto.dll (Alps pointing device extension/Alps Electric Co., Ltd.) 0x00A20000
Library C:\Programme\Apoint\EzLaunch.DLL (Easy Launcher/Alps Electric Co., Ltd.) 0x01000000
Process C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 1656
Library C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Process C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 1752
Library C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Library C:\PROGRA~1\GEMEIN~1\SYSTEM\MSMAPI\1031\MSMAPI32.DLL (Extended MAPI 1.0 for Windows NT/Microsoft Corporation) 0x35F70000
Process C:\WINDOWS\system32\igfxext.exe (igfxext Module/Intel Corporation) 1760
Library C:\WINDOWS\system32\igfxext.exe (igfxext Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\IGFXEXPS.DLL (igfxext Module/Intel Corporation) 0x00FD0000
Process C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 1800
Library C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x00FD0000
Process C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation) 1872
Library C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x00920000
Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x00F20000
Library C:\WINDOWS\system32\igfxress.dll (igfxress Module/Intel Corporation) 0x010A0000
Process C:\Programme\Sony\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation) 1880
Library C:\Programme\Sony\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation) 0x00400000
Library C:\Programme\Sony\VAIO Event Service\VESSuEvent.dll (VAIO Event Service (SnyUtils Event Module)/Sony Corporation) 0x10000000
Library C:\Programme\Sony\VAIO Event Service\VESBasePS.dll 0x00920000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation) 0x00930000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation) 0x00F10000
Library C:\Programme\Sony\VAIO Event Service\VESWndMsg.dll (VAIO Event Service (WndMsg Module)/Sony Corporation) 0x00F50000
Library C:\Programme\Sony\VAIO Event Service\VESWndMsgHook.dll (VAIO Event Service (Hook Module for VESWndMsg)/Sony Corporation) 0x00F90000
Library C:\Programme\Sony\VAIO Event Service\VESTransform.dll (VAIO Event Service (Transform Module)/Sony Corporation) 0x00FB0000
Library C:\Programme\Sony\VAIO Event Service\VESHardwareMixer.dll (VAIO Event Service (Hardware Mixer Module)/Sony Corporation) 0x01600000
Library C:\Programme\Sony\VAIO Power Management\VESPowerMgr.dll (VAIO Event Service (Power Management Module)/Sony Corporation) 0x01770000
Library C:\Programme\Sony\VAIO Event Service\VESSemiPnP.dll (VAIO Event Service (Plug and Display Function Module)/Sony Corporation) 0x01D00000
Library C:\Programme\Sony\VAIO Event Service\VESSuPerform.dll (VAIO Event Service (SnyUtils Perform Module)/Sony Corporation) 0x01D20000
Library C:\Programme\Sony\VAIO Event Service\VESVideo.dll (VAIO Event Service(Video Module)/Sony Corporation) 0x01D40000
Library C:\Programme\Sony\VAIO Event Service\VESPerform.dll (VAIO Event Service (Common Perform Module)/Sony Corporation) 0x01D60000
Library C:\Programme\Sony\AV Mode Button Utility\VESAVModeButton.dll (VAIO Event Service(AVModeButton Module)/Sony Corporation) 0x01D90000
Library C:\Programme\Sony\VAIO Event Service\VESFnLock.dll (VAIO Event Service (Fn Lock Module)/Sony Corporation) 0x01DB0000
Library C:\Programme\Sony\VAIO Event Service\VESHKWndCommon.dll (VAIO Event Service (Hotkey UI Module)/Sony Corporation) 0x01DE0000
Library C:\WINDOWS\system32\IGFXEXPS.DLL (igfxext Module/Intel Corporation) 0x02050000
Process C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 1908
Library C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x00ED0000
Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x00EF0000
Process C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (VAIO Entertainment UPnP Client Adapter/Sony Corporation) 1916
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (VAIO Entertainment UPnP Client Adapter/Sony Corporation) 0x00400000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\sonyuppc.dll (Sony UPnP Client Library/Sony Corporation) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\UPnPCtrl.dll (Sony UPnPCtrl Library/Sony Corporation) 0x00330000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSWEXEps.dll (VAIO Entertainment UPnP Client Adapter Proxy/Sony Corporation) 0x00E00000
Process C:\Programme\Java\jre6\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 1940
Library C:\Programme\Java\jre6\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x00400000
Process C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation) 1976
Library C:\WINDOWS\system32\VESWinlogon.dll (VAIO Event Service (Winlogon Notification Module)/Sony Corporation) 0x10000000
Process C:\WINDOWS\system32\ICO.EXE (Mouse Suite 98 Daemon/Primax Electronics Ltd.) 2136
Library C:\WINDOWS\system32\ICO.EXE (Mouse Suite 98 Daemon/Primax Electronics Ltd.) 0x00400000
Process C:\Programme\Sony\VAIO Power Management\SPMgr.exe (SPM Module/Sony Corporation) 2168
Library C:\Programme\Sony\VAIO Power Management\SPMgr.exe (SPM Module/Sony Corporation) 0x00400000
Library C:\Programme\Sony\VAIO Power Management\SPMDAM.dll (SPM Data Access Manager/Sony Corporation) 0x10000000
Library C:\Programme\Sony\VAIO Power Management\SPMRes.dll (SPM Module/Sony Corporation) 0x00940000
Library C:\Programme\Sony\VAIO Power Management\SPMDrv.dll (SPM driver/Sony Corporation) 0x00AF0000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation) 0x00B10000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation) 0x00B30000
Process C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) 2184
Library C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) 0x00400000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation) 0x00900000
Library C:\Programme\Sony\ISB Utility\ISBRes.dll (Sony Corporation) 0x00C50000
Process C:\Programme\Mindjet\MindManager 6\MMReminderService.exe (MindManager Reminder Services/Mindjet) 2260
Library C:\Programme\Mindjet\MindManager 6\MMReminderService.exe (MindManager Reminder Services/Mindjet) 0x00400000
Library C:\Programme\Mindjet\MindManager 6\MmServiceUtilities.dll (Service Utility Library/Mindjet) 0x10000000
Library C:\Programme\Mindjet\MindManager 6\MmUtilities.dll (Utility Library/Mindjet) 0x00340000
Library C:\Programme\Mindjet\MindManager 6\VIC32.DLL (Victor 32-bit Library/Catenary Systems) 0x60C90000
Library C:\Programme\Mindjet\MindManager 6\BCGCBPRO730u.dll (BCGControlBar Professional DLL for MindManager/BCGSoft Ltd / Mindjet LLC) 0x00410000
Process C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (ZoneAlarm Client/Zone Labs, LLC) 2280
Library C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (ZoneAlarm Client/Zone Labs, LLC) 0x00400000
Library C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC) 0x10000000
Library C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) 0x00340000
Library C:\WINDOWS\system32\VSPUBAPI.dll (TrueVector Service/Zone Labs, LLC) 0x00370000
Library C:\Programme\Zone Labs\ZoneAlarm\framewrk.dll (ZoneAlarm Framework Module/Zone Labs, LLC) 0x004E0000
Library C:\WINDOWS\system32\zpeng24.dll (Python Core/Python Software Foundation) 0x1E000000
Library C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.) 0x00F10000
Library C:\Programme\Zone Labs\ZoneAlarm\framewrk_Loc0407.dll (ZoneAlarm Framework Module/Zone Labs Inc.) 0x00F30000
Library C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC) 0x010B0000
Library C:\WINDOWS\system32\vsdata.dll (TrueVector Service DLL/Zone Labs, LLC) 0x010D0000
Library C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC) 0x01100000
Library C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd 0x01420000
Library C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd 0x1D100000
Library C:\Programme\Zone Labs\ZoneAlarm\zlclient_Loc0407.dll (ZoneAlarm/Zone Labs Inc.) 0x01450000
Library C:\WINDOWS\system32\vsmonapi.dll (TrueVector Client Interface/Zone Labs, LLC) 0x01710000
Library C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC) 0x01740000
Library C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC) 0x01760000
Library C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC) 0x01780000
Library C:\Programme\Zone Labs\ZoneAlarm\alert.zap (Alerts Plugin Module/Zone Labs, LLC) 0x60000000
Library C:\Programme\Zone Labs\ZoneAlarm\alert_Loc0407.zap (Alerts Plugin Module/Zone Labs
|
|
16.11.2009, 23:19
| #2 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll dritter Teil
__________________Code:
ATTFilter Library C:\Programme\Zone Labs\ZoneAlarm\cam.zap (Anti-Virus Monitoring Module/Zone Labs, LLC) 0x017F0000
Library C:\Programme\Zone Labs\ZoneAlarm\cam_Loc0407.zap (Anti-virus-Überwachungsmodul/Zone Labs Inc.) 0x01810000
Library C:\Programme\Zone Labs\ZoneAlarm\email.zap (Email Plugin Module/Zone Labs, LLC) 0x01820000
Library C:\Programme\Zone Labs\ZoneAlarm\email_Loc0407.zap (Email Plugin Module/Zone Labs Inc.) 0x01840000
Library C:\Programme\Zone Labs\ZoneAlarm\filter.zap (Filter Plugin Module/Zone Labs, LLC) 0x01850000
Library C:\Programme\Zone Labs\ZoneAlarm\filter_Loc0407.zap (Filter Plugin Module/Zone Labs Inc.) 0x01860000
Library C:\Programme\Zone Labs\ZoneAlarm\firewall.zap (Firewall Plugin Module/Zone Labs, LLC) 0x01870000
Library C:\Programme\Zone Labs\ZoneAlarm\firewall_Loc0407.zap (Firewall Plugin Module/Zone Labs Inc.) 0x018A0000
Library C:\Programme\Zone Labs\ZoneAlarm\idlock.zap (ZoneAlarmPro/Zone Labs, LLC) 0x018B0000
Library C:\Programme\Zone Labs\ZoneAlarm\idlock_Loc0407.zap (ZoneAlarmPro/Zone Labs Inc.) 0x018F0000
Library C:\Programme\Zone Labs\ZoneAlarm\privacy.zap (Privacy Plugin Module/Zone Labs, LLC) 0x01910000
Library C:\Programme\Zone Labs\ZoneAlarm\privacy_Loc0407.zap (Privacy Plugin Module/Zone Labs Inc.) 0x01940000
Library C:\Programme\Zone Labs\ZoneAlarm\programs.zap (Programs Plugin Module/Zone Labs, LLC) 0x01950000
Library C:\Programme\Zone Labs\ZoneAlarm\programs_Loc0407.zap (Programs Plugin Module/Zone Labs Inc.) 0x019A0000
Library C:\WINDOWS\system32\ZoneLabs\av.dll (av feature plug-in/Zone Labs, LLC) 0x01A60000
Library C:\WINDOWS\system32\ZoneLabs\av_Loc0407.dll (av feature plug-in/Zone Labs Inc.) 0x01AC0000
Library C:\Programme\Zone Labs\ZoneAlarm\security.zap (Overview Plugin Module/Zone Labs, LLC) 0x019D0000
Library C:\Programme\Zone Labs\ZoneAlarm\security_Loc0407.zap (Overview Plugin Module/Zone Labs Inc.) 0x01AD0000
Library C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC) 0x01B20000
Process C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 2320
Library C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 0x00400000
Library C:\Programme\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH) 0x10000000
Library c:\programme\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH) 0x00B00000
Library c:\programme\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH) 0x00B90000
Library c:\programme\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH) 0x00BB0000
Library c:\programme\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH) 0x00C10000
Library c:\programme\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x00C30000
Library c:\programme\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH) 0x00C60000
Library c:\programme\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH) 0x00CB0000
Library c:\programme\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH) 0x00CD0000
Library c:\programme\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH) 0x00E30000
Library c:\programme\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH) 0x00E50000
Process C:\Programme\Multimedia Mouse Driver\MouseDrv.exe 2428
Library C:\Programme\Multimedia Mouse Driver\MouseDrv.exe 0x00400000
Library C:\Programme\Multimedia Mouse Driver\MouseHook.dll 0x10000000
Process C:\Programme\Apoint\Apntex.exe (Alps Pointing-device Driver for Windows NT/2000/XP/Alps Electric Co., Ltd.) 2444
Library C:\Programme\Apoint\Apntex.exe (Alps Pointing-device Driver for Windows NT/2000/XP/Alps Electric Co., Ltd.) 0x00400000
Library C:\WINDOWS\system32\VXDIF.DLL (Vxdif/Alps Electric Co., Ltd.) 0x10000000
Process C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (VAIO Entertainment Database Service/Sony Corporation) 2516
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (VAIO Entertainment Database Service/Sony Corporation) 0x00400000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbVcds.dll (Remote Database Adaptor/Sony Corporation) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSsDB.dll (SonicStage Database Adaptor/Sony Corporation) 0x00640000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbLocalDB.dll (Local Database Adaptor/Sony Corporation) 0x00680000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSWEXEps.dll (VAIO Entertainment UPnP Client Adapter Proxy/Sony Corporation) 0x00DB0000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvcps.dll (VAIO Entertainment Database Service Proxy/Sony Corporation) 0x00DE0000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\Avlib\Metallic.dll (Metallic Database Library/Sony Corporation) 0x01230000
Library C:\WINDOWS\system32\msjetoledb40.dll 0x1B570000
Process C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (VAIO Entertainment File Import Service/Sony Corporation) 2672
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (VAIO Entertainment File Import Service/Sony Corporation) 0x00400000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFwImport.dll (VAIO Entertainment File Importer/Sony Corporation) 0x10000000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdb.dll (VAIO Entertainment Common Database/Sony Corporation) 0x00E70000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvcps.dll (VAIO Entertainment Database Service Proxy/Sony Corporation) 0x00F90000
Library C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCs.dll (VzCs Manager/Sony Corporation) 0x00FA0000
Process C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC) 3540
Library C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC) 0x00400000
Library C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC) 0x10000000
Library C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) 0x00330000
Library C:\WINDOWS\system32\zpeng24.dll (Python Core/Python Software Foundation) 0x1E000000
Library C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.) 0x003F0000
Library C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd 0x01000000
Library C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd 0x01010000
Library C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd 0x1D100000
Library C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd 0x1E1D0000
Library C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll (vsmon plug-in/Zone Labs, LLC) 0x01020000
Library C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll (RPC Server plug-in/Zone Labs, LLC) 0x01030000
Library C:\WINDOWS\system32\ZoneLabs\vsmondll.dll (TrueVector Service/Zone Labs, LLC) 0x01240000
Library C:\WINDOWS\system32\VSDATA.dll (TrueVector Service DLL/Zone Labs, LLC) 0x01450000
Library C:\WINDOWS\system32\ZoneLabs\ssleay32.dll (TrueVector Service/Zone Labs, LLC) 0x01470000
Library C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC) 0x01650000
Library C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC) 0x01790000
Library C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC) 0x017B0000
Library C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC) 0x017D0000
Library C:\WINDOWS\system32\ZoneLabs\vsdb.dll (TrueVector Service/Zone Labs, LLC) 0x017F0000
Library C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL (TrueVector Service/Zone Labs, LLC) 0x01A10000
Library C:\WINDOWS\system32\ZoneLabs\VSRULEDB_Loc0407.dll (TrueVector Service/Zone Labs Inc.) 0x01B60000
Library C:\WINDOWS\system32\ZoneLabs\vsvault.dll (TrueVector Service/Zone Labs, LLC) 0x02190000
Library C:\WINDOWS\system32\vswmi.dll (vsmon component/Zone Labs, LLC) 0x025D0000
Library C:\WINDOWS\system32\ZoneLabs\av.dll (av feature plug-in/Zone Labs, LLC) 0x025F0000
Library C:\WINDOWS\system32\ZoneLabs\av_Loc0407.dll (av feature plug-in/Zone Labs Inc.) 0x02650000
Library C:\WINDOWS\system32\ZoneLabs\imsecure.dll (TrueVector Service/Zone Labs, LLC) 0x02660000
Library C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll (zlquarantine/Zone Labs, LLC) 0x026B0000
Library C:\WINDOWS\system32\ZoneLabs\zlquarantine_Loc0407.dll (zlquarantine/Zone Labs Inc.) 0x02790000
Library C:\WINDOWS\system32\ZoneLabs\qrbase.dll (qrbase/Zone Labs, LLC) 0x035E0000
Library C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC) 0x027A0000
Library C:\WINDOWS\system32\ZoneLabs\zlsre.dll (zlsre/Zone Labs, LLC) 0x037E0000
Library C:\WINDOWS\system32\ZoneLabs\zlsre_Loc0407.dll (zlsre/Zone Labs Inc.) 0x027D0000
Library C:\WINDOWS\system32\ZoneLabs\srescan.dll (srescan/Zone Labs, LLC) 0x03BE0000
Library C:\WINDOWS\system32\ZoneLabs\zlupdate.dll (ZLUpdate feature plug-in/Zone Labs, LLC) 0x027E0000
Library C:\WINDOWS\system32\ZoneLabs\streamapi\h**pblocker\h**pblocker.dll (h**pBlocker plug-in/Zone Labs, LLC) 0x03690000
Library C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll 0x03E50000
Library C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll (ZoneAlarm IMsecure components for securing MSN/AIM-OSCAR/YIM protocols/Zone Labs, LLC) 0x03F20000
Library C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC) 0x022E0000
|
|
16.11.2009, 23:20
| #3 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll vierter Teil und letzter Teil
__________________Code:
ATTFilter ---- Services - GMER 1.0.15 ----
Service C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [AUTO] AdobeActiveFileMonitor4.0
Service C:\WINDOWS\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications) [AUTO] AegisP
Service C:\WINDOWS\system32\DRIVERS\akshasp.sys (AKSHASP Device Driver/Aladdin Knowledge Systems Ltd.) [MANUAL] akshasp
Service C:\WINDOWS\system32\DRIVERS\aksusb.sys (Aladdin USB Key Driver/Aladdin Knowledge Systems Ltd.) [MANUAL] aksusb
Service C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.) [MANUAL] ApfiltrService
Service ASPI32
Service C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk) [AUTO] Autodesk Licensing Service
Service C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP NDIS 5.0 MPR Protocol Driver/BVRP Software) [MANUAL] BVRPMPR5
Service C:\cofi\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems VPN Adapter/Cisco Systems, Inc.) [MANUAL] CVirtA
Service C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems VPN Client/Cisco Systems, Inc.) [AUTO] CVPND
Service C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems VPN Client IPSec Driver/Cisco Systems, Inc.) [AUTO] CVPNDRVA
Service C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (AVM de_serv/AVM Berlin) [MANUAL] de_serv
Service C:\WINDOWS\system32\DRIVERS\DMICall.sys (Windows 2000 DMI Call Kernel Driver/Sony Corporation) [SYSTEM] DMICall
Service C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Network Enhancer/Deterministic Networks, Inc.) [MANUAL] DNE
Service C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) [MANUAL] E100B
Service C:\Programme\Intel\Wireless\Bin\EvtEng.exe (EvtEng Module/Intel Corporation) [AUTO] EvtEng
Service C:\WINDOWS\system32\drivers\hardlock.sys (Hardlock Device Driver for Windows NT/Aladdin Knowledge Systems Ltd.) [AUTO] Hardlock
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWAZL
Service C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV
Service C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Graphics Miniport Driver/Intel Corporation) [MANUAL] ialm
Service C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\klif.sys (Klif Mini-Filter/Kaspersky Lab) [SYSTEM] KLIF
Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) [AUTO] mdmxsdk
Service C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [AUTO] mi-raysat_3dsMax2009_32
Service MSDTC Bridge 3.0.0.0
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (RegSrvc Module/Intel Corporation) [AUTO] RegSrvc
Service C:\WINDOWS\system32\DRIVERS\RimSerial.sys (RIM Virtual Serial Driver/Research in Motion Ltd) [MANUAL] RimSerPort
Service System32\Drivers\RimUsb.sys [MANUAL] RimUsb
Service C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Event Monitor - Supports driver extensions to NIC Driver for wireless adapters./Intel Corporation ) [AUTO] S24EventMonitor
Service C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel WLAN Packet Driver/Intel Corporation) [AUTO] s24trans
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\system32\DRIVERS\ser2pl.sys (USB-to-Serial Cable Driver/Prolific Technology Inc.) [MANUAL] Ser2pl
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service SMSvcHost 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis Snapshot API/Acronis) [BOOT] snapman
Service C:\WINDOWS\System32\Drivers\SonyNC.sys (Sony Notebook Control driver/Sony Corporation) [MANUAL] SNC
Service C:\WINDOWS\system32\DRIVERS\SonyPI.sys (Sony Programmable I/O Control Device/Sony Corporation) [MANUAL] SPI
Service C:\WINDOWS\system32\ZoneLabs\srescan.sys (srescan/Zone Labs, LLC) [BOOT] srescan
Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
Service C:\WINDOWS\system32\drivers\ti21sony.sys (ti21sony.sys/Texas Instruments) [MANUAL] ti21sony
Service C:\WINDOWS\system32\DRIVERS\tifsfilt.sys (TrueImage File System Filter/Acronis) [AUTO] tifsfilter
Service C:\WINDOWS\system32\DRIVERS\timntr.sys (TrueImage Backup Archive Explorer/Acronis) [BOOT] timounter
Service C:\WINDOWS\system32\drivers\Toshidpt.sys (Toshiba Bluetooth HID mini port driver/TOSHIBA Corporation.) [MANUAL] toshidpt
Service C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Bluetooth Port Emulation Driver/TOSHIBA Corporation) [MANUAL] tosporte
Service C:\WINDOWS\System32\Drivers\tosrfbd.sys (Bluetooth RF Bus Driver/TOSHIBA CORPORATION) [MANUAL] Tosrfbd
Service C:\WINDOWS\System32\Drivers\tosrfbnp.sys (Bluetooth RFBNEP Driver/TOSHIBA Corporation) [MANUAL] Tosrfbnp
Service C:\WINDOWS\System32\Drivers\tosrfcom.sys (Bluetooth RFCOMM Driver/TOSHIBA Corporation) [SYSTEM] Tosrfcom
Service C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (Bluetooth HID Driver from TOSHIBA/TOSHIBA Corporation.) [MANUAL] Tosrfhid
Service C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (Bluetooth BNEP Driver/TOSHIBA Corporation.) [MANUAL] tosrfnds
Service C:\WINDOWS\system32\drivers\TosRfSnd.sys (Bluetooth Audio Driver (WDM)/TOSHIBA Corporation) [MANUAL] TosRfSnd
Service C:\WINDOWS\System32\Drivers\tosrfusb.sys (Bluetooth USB Miniport Driver/TOSHIBA CORPORATION) [MANUAL] Tosrfusb
Service system32\drivers\tsclient.sys [MANUAL] TSClient
Service C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Hardware Resource Manager/Sony Corporation) [MANUAL] VAIO Entertainment TV Device Arbitration Service
Service C:\Programme\Sony\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation) [AUTO] VAIO Event Service
Service C:\Programme\Gemeinsame [MANUAL] Vcsw
Service C:\WINDOWS\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) [SYSTEM] vsdatant
Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC) [AUTO] vsmon
Service C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (VAIO Entertainment Database Service/Sony Corporation) [AUTO] VzCdbSvc
Service C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (VAIO Entertainment File Import Service/Sony Corporation) [AUTO] VzFw
Service C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Wireless LAN Driver/Intel® Corporation) [MANUAL] w29n51
Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service Windows Workflow Foundation 3.0.0.0
---- EOF - GMER 1.0.15 ----
|
|
16.11.2009, 23:22
| #4 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll OTL Ergebnis Code:
ATTFilter OTL logfile created on: 16.11.2009 23:04:45 - Run 4 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Dokumente und Einstellungen\iris\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,11 Mb Total Physical Memory | 598,20 Mb Available Physical Memory | 58,99% Memory free 1,63 Gb Paging File | 1,29 Gb Available in Paging File | 79,20% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 19,59 Gb Free Space | 52,58% Space Free | Partition Type: NTFS Drive D: | 30,28 Gb Total Space | 21,96 Gb Free Space | 72,52% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 1,91 Gb Total Space | 0,69 Gb Free Space | 36,07% Space Free | Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: IRIS_VAIO Current User Name: iris Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe () PRC - C:\Programme\Multimedia Mouse Driver\MouseDrv.exe () PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (mi-raysat_3dsMax2009_32) -- C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe () SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP Software) DRV - (RimSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation) DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) |
|
16.11.2009, 23:23
| #5 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll zweiter teil Code:
ATTFilter ========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.0.1;127.0.0.1;localhost;;;;;;;;;;;;;;;;;;;;;;;;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:3128;https=192.168.0.1:3128;ftp=192.168.0.1:3128;gopher=192.168.0.1:3128;socks=192.168.0.1:1080
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.07 10:21:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.11.16 23:00:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.03.09 10:06:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.16 23:00:41 | 00,000,000 | ---D | M]
[2009.03.09 10:06:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Extensions
[2009.03.09 10:06:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.16 21:58:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions
[2009.09.08 10:00:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.15 10:07:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009.09.15 10:07:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.11.16 23:00:43 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.09 10:06:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.16 23:00:44 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.03.09 10:06:11 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.03.09 10:06:11 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.11.16 23:00:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2009.03.09 10:06:21 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2009.03.09 10:06:23 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.03.09 10:06:23 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.03.09 10:06:24 | 00,001,706 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.03.09 10:06:24 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.03.09 10:06:24 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.03.09 10:06:24 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WireLessMouse] C:\Programme\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range78 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.19 15:43:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009.11.16 23:00:41 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009.11.16 23:00:41 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.11.16 23:00:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.11.16 23:00:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.11.16 23:00:41 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009.11.16 22:33:03 | 00,241,664 | ---- | C] (Ask.com) -- C:\Programme\Uninstall Ask Toolbar.dll
[2009.11.16 19:26:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.11.16 19:21:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.16 19:21:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.16 19:21:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.16 19:21:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.16 19:21:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.16 19:19:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.16 18:56:08 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\iris\Recent
[2009.11.16 18:33:46 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.16 11:37:44 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe
[2009.11.12 12:14:41 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009.11.12 12:14:03 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\iris\Desktop\VundoFix.exe
[2009.11.12 11:59:39 | 00,000,000 | ---D | C] -- C:\Programme\HijackThis
[2009.11.02 14:44:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\skypePM
[2009.11.02 14:32:22 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Skype
[2009.11.02 14:31:03 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2009.11.02 14:30:58 | 00,000,000 | R--D | C] -- C:\Programme\Skype
[2009.11.02 14:30:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
|
|
16.11.2009, 23:24
| #6 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll dritter Teil Code:
ATTFilter ========== Files - Modified Within 30 Days ========== [2009.11.16 23:02:42 | 09,975,840 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009.11.16 23:00:16 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009.11.16 23:00:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009.11.16 23:00:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009.11.16 23:00:16 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009.11.16 23:00:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009.11.16 22:51:47 | 00,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2009.11.16 22:51:11 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.11.16 22:49:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.11.16 22:49:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.11.16 22:48:50 | 00,119,588 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009.11.16 22:48:25 | 06,029,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\iris\NTUSER.DAT [2009.11.16 22:48:25 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\iris\ntuser.ini [2009.11.16 21:16:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009.11.16 21:15:17 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009.11.16 19:26:39 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009.11.16 19:15:48 | 03,560,773 | R--- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\cofi.exe [2009.11.16 19:12:10 | 03,148,854 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\fehler.bmp [2009.11.16 18:33:47 | 00,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\CCleaner.lnk [2009.11.16 11:40:35 | 00,291,840 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\mjp2vgv5.exe [2009.11.16 11:36:59 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe [2009.11.15 23:33:54 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\inyasxy [2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009.11.13 17:17:27 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2009.11.12 12:13:33 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\iris\Desktop\VundoFix.exe [2009.11.12 09:30:53 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.11.07 00:02:52 | 00,029,790 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\pod.jpg [2009.11.06 19:36:46 | 04,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\Studienarbeit_06112009.pdf [2009.11.06 13:49:39 | 00,124,821 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\rui.jpg [2009.11.05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009.11.04 15:52:41 | 00,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2009.11.04 15:52:41 | 00,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009.11.04 15:52:41 | 00,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2009.11.04 15:52:41 | 00,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009.11.04 15:52:40 | 01,078,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009.11.02 14:44:38 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.11.01 17:35:50 | 00,084,289 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\mdbu.bin [2009.10.27 13:35:50 | 00,727,387 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\PICT0048.JPG [2009.10.25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe [2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009.11.16 19:26:38 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009.11.16 19:26:29 | 00,262,448 | ---- | C] () -- C:\cmldr [2009.11.16 19:21:51 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009.11.16 19:21:51 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009.11.16 19:21:51 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009.11.16 19:21:51 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009.11.16 19:21:51 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009.11.16 19:18:04 | 03,560,773 | R--- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\cofi.exe [2009.11.16 19:12:09 | 03,148,854 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\fehler.bmp [2009.11.16 18:33:47 | 00,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\CCleaner.lnk [2009.11.16 11:40:47 | 00,291,840 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\mjp2vgv5.exe [2009.11.15 23:33:54 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\inyasxy [2009.11.07 00:02:37 | 00,029,790 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\pod.jpg [2009.11.06 19:36:46 | 04,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\Studienarbeit_06112009.pdf [2009.11.06 13:49:39 | 00,124,821 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\rui.jpg [2009.11.06 13:25:37 | 00,568,101 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\100_1927.JPG [2009.11.02 14:44:38 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.10.27 13:35:44 | 00,727,387 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\PICT0048.JPG [2009.10.14 21:46:51 | 00,084,289 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\mdbu.bin [2009.07.09 00:35:57 | 00,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI [2009.07.02 08:19:08 | 00,002,465 | R--- | C] () -- C:\WINDOWS\OOIDRV.INI [2009.06.05 14:26:28 | 00,000,222 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5.INI [2009.06.05 14:13:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009.06.05 14:07:58 | 00,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini [2009.06.05 14:07:51 | 00,001,104 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2008.12.07 19:28:53 | 00,000,282 | ---- | C] () -- C:\WINDOWS\avwin.ini [2008.06.19 11:41:16 | 00,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2008.06.14 21:13:32 | 00,000,102 | ---- | C] () -- C:\WINDOWS\afarechner.INI [2008.05.26 14:53:48 | 00,000,073 | ---- | C] () -- C:\WINDOWS\MINDMA~1.INI [2008.05.13 22:45:41 | 00,001,385 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.11.26 22:40:28 | 00,000,658 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2007.11.17 21:33:19 | 00,403,167 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\mdb.bin [2007.11.17 19:24:37 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007.11.17 19:24:37 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007.11.17 19:24:37 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2007.11.17 19:24:36 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2007.11.17 19:24:36 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007.09.30 17:56:30 | 00,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.09 12:24:56 | 06,427,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\iris\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2007.06.26 10:11:30 | 00,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2007.06.09 19:49:50 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2007.06.09 19:49:50 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2007.06.09 19:49:24 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2007.06.07 21:57:25 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.06.05 15:30:41 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.06.05 14:34:28 | 00,237,568 | ---- | C] () -- C:\WINDOWS\NwtGatewayDLL.dll [2007.06.05 14:34:28 | 00,001,109 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini [2007.05.04 10:02:35 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini [2007.03.28 19:30:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2007.02.21 15:32:55 | 00,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2007.01.13 12:20:39 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll [2006.12.28 18:37:18 | 00,000,076 | ---- | C] () -- C:\WINDOWS\ds3sim.INI [2006.09.12 20:04:57 | 00,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.07.30 15:18:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\avx.ini [2006.07.23 15:06:01 | 00,000,029 | ---- | C] () -- C:\WINDOWS\USB Downloader.INI [2006.07.03 17:57:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\wordinst.dll [2006.07.03 12:37:54 | 00,058,608 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2006.07.03 11:11:24 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.07.03 01:27:53 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\desktop.ini [2006.07.03 01:27:52 | 00,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.06.29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006.06.29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006.04.18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006.04.18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2005.12.20 12:45:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.12.20 11:56:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005.12.20 11:56:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005.12.20 11:56:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005.12.20 11:56:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005.12.20 11:56:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005.12.20 11:56:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005.12.20 11:39:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI [2005.12.19 16:04:13 | 00,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005.12.19 15:35:12 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini [2005.12.19 07:27:30 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2005.12.19 07:27:18 | 00,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005.12.19 07:26:48 | 00,000,626 | ---- | C] () -- C:\WINDOWS\win.ini [2005.12.19 07:26:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2005.09.02 13:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.07.22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2003.02.20 17:53:42 | 00,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI < End of report > |
|
16.11.2009, 23:25
| #7 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll Extras Code:
ATTFilter OTL Extras logfile created on: 16.11.2009 23:04:45 - Run 4
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,11 Mb Total Physical Memory | 598,20 Mb Available Physical Memory | 58,99% Memory free
1,63 Gb Paging File | 1,29 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 19,59 Gb Free Space | 52,58% Space Free | Partition Type: NTFS
Drive D: | 30,28 Gb Total Space | 21,96 Gb Free Space | 72,52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1,91 Gb Total Space | 0,69 Gb Free Space | 36,07% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: xxx_VAIO
Current User Name: xxx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
h**p [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
h**ps [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\concept design\onlineTV 3\onlineTV.exe" = C:\Programme\concept design\onlineTV 3\onlineTV.exe:*:Enabled:onlineTV -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Autodesk\Backburner\monitor.exe" = C:\Programme\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\manager.exe" = C:\Programme\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\server.exe" = C:\Programme\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Programme\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Programme\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit -- (Autodesk, Inc.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06865995-6BBC-4038-9FE0-F0CFD7F81938}" = Nova
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{14583268-CF6A-4003-A3EA-0CAC77C978D3}" = Mindjet MindManager Pro 6
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1C70BE80-35E0-46DA-B81D-5BF5652F8D80}" = AV Mode Button Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
|
|
17.11.2009, 12:18
| #8 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll Logfile von JavaRa hatte ich vergessen zu posten Code:
ATTFilter JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Nov 16 22:41:32 2009
Found and removed: C:\Programme\Java\j2re1.4.2
Found and removed: C:\Programme\Java\jre1.5.0_05
Found and removed: C:\Programme\Java\jre1.6.0_02
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142000}
------------------------------------
Finished reporting.
|
|
17.11.2009, 12:37
| #9 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll Beide OTL Logs Code:
ATTFilter OTL logfile created on: 17.11.2009 12:28:50 - Run 5 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,11 Mb Total Physical Memory | 590,12 Mb Available Physical Memory | 58,19% Memory free 1,63 Gb Paging File | 1,28 Gb Available in Paging File | 78,35% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 19,06 Gb Free Space | 51,15% Space Free | Partition Type: NTFS Drive D: | 30,28 Gb Total Space | 21,96 Gb Free Space | 72,50% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 1,91 Gb Total Space | 0,69 Gb Free Space | 36,07% Space Free | Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: xxx_VAIO Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe () PRC - C:\Programme\Multimedia Mouse Driver\MouseDrv.exe () PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (mi-raysat_3dsMax2009_32) -- C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe () SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP Software) DRV - (RimSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation) DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) |
|
17.11.2009, 12:38
| #10 |
| | TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dllCode:
ATTFilter ========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.0.1;127.0.0.1;localhost;;;;;;;;;;;;;;;;;;;;;;;;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:3128;https=192.168.0.1:3128;ftp=192.168.0.1:3128;gopher=192.168.0.1:3128;socks=192.168.0.1:1080
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.07 10:21:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.11.16 23:00:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.03.09 10:06:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.17 12:22:34 | 00,000,000 | ---D | M]
[2009.03.09 10:06:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2009.03.09 10:06:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.17 12:13:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions
[2009.09.08 10:00:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.15 10:07:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009.09.15 10:07:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.11.17 12:13:19 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.11.17 12:13:25 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.09 10:06:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.16 23:00:44 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.03.09 10:06:11 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.03.09 10:06:11 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.11.16 23:00:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2009.03.09 10:06:21 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2009.02.27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2009.11.06 09:20:16 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Programme\Mozilla Firefox\plugins\np_gp.dll
[2009.03.09 10:06:23 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.03.09 10:06:23 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.03.09 10:06:24 | 00,001,706 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.03.09 10:06:24 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.03.09 10:06:24 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.03.09 10:06:24 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WireLessMouse] C:\Programme\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range78 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.19 15:43:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009.11.17 12:20:11 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\Installationsprogramm für Adobe Reader 9
[2009.11.17 12:13:25 | 00,000,000 | ---D | C] -- C:\Programme\NOS
[2009.11.17 12:13:25 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
[2009.11.16 23:56:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2009.11.16 23:56:29 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.11.16 23:56:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.11.16 23:56:24 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2009.11.16 23:56:23 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.11.16 23:47:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.11.16 23:00:41 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009.11.16 23:00:41 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.11.16 23:00:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.11.16 23:00:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.11.16 23:00:41 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009.11.16 19:26:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.11.16 19:21:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.16 19:21:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.16 19:21:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.16 19:21:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.16 19:21:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.16 19:19:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.16 18:56:08 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent
[2009.11.16 18:33:46 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.16 11:37:44 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2009.11.12 12:14:41 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009.11.12 12:14:03 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\xxx\Desktop\VundoFix.exe
[2009.11.12 11:59:39 | 00,000,000 | ---D | C] -- C:\Programme\HijackThis
[2009.11.02 14:44:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\skypePM
[2009.11.02 14:32:22 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Skype
[2009.11.02 14:31:03 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2009.11.02 14:30:58 | 00,000,000 | R--D | C] -- C:\Programme\Skype
[2009.11.02 14:30:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
|
|
| Themen zu TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll |
| 32-bit, ad-aware, antivir, antivir guard, ask toolbar, avg, avira, desktop, excel, fehlermeldung, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, logfile, monitor, programm, realtek, software, system, tdlwsp.dll, toolbars, tr/vundo.gen, trojaner, virus, windows, windows xp |
Hybrid-Darstellung
