Pests of all kinds and how to fight them: also TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll (Windows 7). If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
14.11.2009, 09:00 | #1
Also TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

Unfortunately I have also caught a TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll. Avast and Windows Defender find it several times a day and I delete it. After a while, however, it always comes back. As requested in another thread, I am posting a few logs.

OTL.TXT Part 1

Code:
OTL logfile created on: 14.11.2009 08:52:02 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Andy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,11% Memory free
4,00 Gb Paging File | 2,16 Gb Available in Paging File | 53,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 12,51 Gb Free Space | 25,62% Space Free | Partition Type: NTFS
Drive D: | 249,25 Gb Total Space | 160,88 Gb Free Space | 64,55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,68 Gb Total Space | 2,65 Gb Free Space | 71,99% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANDY-LAPTOP
Current User Name: Andy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Programme\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Analogue Vista Clock\Analogue Vista Clock.exe ()
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\WallpaperSS\WallpaperSS.exe (Gianpaolo Bottin)
PRC - C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Programme\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\TeamViewer\Version4\TV.dll (TeamViewer GmbH)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

========== Driver Services (SafeList) ==========

DRV - (VMnetBridge) -- C:\Windows\System32\vmnetbridge.dll (VMware, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RimVSerPort) -- C:\Windows\System32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM) -- C:\Windows\System32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (sxuptp) -- C:\Windows\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://borussia.de/de/home,2,0.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://borussia.de/de/home,2,0.html|http://fohlen.tv/de/videos.php|http://torfabrik.de/|http://heinsberger-fungamer.de/|http://heinsberger-fungamer.de/v2/includes/formular.php"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.30 20:50:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.13 14:26:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.01 18:43:03 | 00,000,000 | ---D | M]
[2009.09.07 18:34:57 | 00,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2009.09.07 18:34:57 | 00,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.18 08:42:27 | 00,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\zlu7phu5.default\extensions
[2009.09.07 19:11:12 | 00,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\zlu7phu5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.05 20:59:13 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.09.13 14:26:22 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.09.13 14:26:16 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.09.13 14:26:16 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.11.01 18:42:33 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2009.09.13 14:26:19 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2009.07.30 23:59:14 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.07.30 23:59:14 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.31 00:39:06 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.07.30 23:59:14 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 14:26:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.07.30 23:59:14 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB03700 Class) - {4E45B936-ACEA-4BE3-8F68-B1A3014867AC} - C:\Programme\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll ()
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ghost-of-usenet Toolbar) - {10000000-1000-1000-1000-100000000000} - C:\Programme\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ghost-of-usenet Toolbar) - {10000000-1000-1000-1000-100000000000} - C:\Programme\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Analogue Vista Clock] C:\Programme\Analogue Vista Clock\Analogue Vista Clock.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WallpaperSS] C:\Programme\WallpaperSS\WallpaperSS.exe (Gianpaolo Bottin)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Netzwerk USB-Hub Kontrollzentrum.lnk = C:\Programme\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
14.11.2009, 09:01 | #2
Also TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

OTL.TXT Part 2

Code:
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03a04902-9f11-11de-b28c-001fe1f25394}\Shell - "" = AutoRun
O33 - MountPoints2\{03a04902-9f11-11de-b28c-001fe1f25394}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.14 08:50:55 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2009.11.11 18:08:00 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.11.11 18:07:56 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009.11.09 22:31:43 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\FUSSBALL MANAGER 10 ONLINE
[2009.11.09 22:25:22 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009.11.09 22:25:20 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009.11.09 22:10:55 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\FUSSBALL MANAGER 10
[2009.11.09 21:52:00 | 00,000,000 | ---D | C] -- C:\Programme\EA SPORTS
[2009.11.08 17:48:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.11.08 17:48:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.11.08 17:48:02 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.11.08 12:39:15 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.11.08 12:39:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009.11.08 12:39:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009.11.05 21:35:39 | 00,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\uxtuneup.dll
[2009.11.05 21:35:39 | 00,016,640 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\authuitu.dll
[2009.11.05 21:35:32 | 00,361,728 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe
[2009.11.05 21:35:31 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\TuneUp Software
[2009.11.05 21:35:04 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009.11.05 21:35:04 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009.11.05 21:34:48 | 00,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2008
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\ParetoLogic
[2009.11.04 20:05:41 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2009.11.04 20:05:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.04 20:05:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.04 20:00:35 | 00,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2009.11.04 19:46:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009.11.04 07:10:44 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009.11.04 07:10:44 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009.11.04 07:10:44 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009.11.04 07:10:19 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009.11.04 07:10:19 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009.11.04 07:10:18 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009.11.04 07:10:18 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009.11.04 07:10:17 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009.11.04 07:10:17 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009.11.04 07:10:17 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009.11.04 07:10:17 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009.11.04 07:10:17 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009.11.04 07:10:17 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009.11.04 07:10:17 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.11.04 07:10:17 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009.11.04 07:10:17 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009.11.04 07:10:17 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009.11.04 07:10:17 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009.11.04 07:10:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009.11.04 07:10:16 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009.11.04 07:10:16 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009.11.04 07:10:16 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009.11.04 07:10:16 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009.11.04 07:10:16 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009.11.04 07:10:16 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009.11.04 07:10:16 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009.11.04 07:10:16 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009.11.04 07:10:16 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009.11.04 07:10:16 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009.11.04 07:10:16 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009.11.04 07:09:50 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009.11.04 07:09:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009.11.04 07:09:50 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009.11.04 07:09:44 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009.11.04 07:09:41 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009.11.04 07:09:41 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009.11.04 07:09:41 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009.11.04 07:09:41 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2009.11.04 07:09:41 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll [2009.11.04 07:09:41 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2009.11.04 07:09:41 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys [2009.11.04 07:09:41 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2009.11.04 07:09:40 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2009.11.04 07:09:40 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2009.11.04 07:09:40 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2009.11.04 07:09:38 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2009.11.04 07:08:40 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2009.11.04 07:08:39 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2009.11.04 07:08:39 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll [2009.11.04 06:14:00 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009.11.04 06:13:59 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009.11.03 18:27:38 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\thecleaner [2009.11.03 01:48:06 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro [2009.11.01 18:43:03 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll [2009.11.01 00:17:54 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\VMware [2009.11.01 00:07:08 | 00,051,248 | ---- | C] (VMware, Inc.) 
-- C:\Windows\System32\vmnetbridge.dll [2009.11.01 00:02:27 | 00,000,000 | ---D | C] -- C:\ProgramData\VMware [2009.11.01 00:02:27 | 00,000,000 | ---D | C] -- C:\ProgramData\VMware [2009.10.29 18:06:52 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2009.10.29 18:06:52 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe [2009.10.29 18:06:52 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2009.10.29 18:06:51 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll [2009.10.29 18:06:26 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2009.10.29 18:06:26 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2009.10.29 18:06:26 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2009.10.29 18:06:01 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2009.10.29 18:06:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2009.10.28 18:01:14 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll [2009.10.28 18:01:11 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2009.10.28 18:01:09 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2009.10.27 18:00:55 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\dvdcss [2009.10.22 18:05:13 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\eagle [2009.10.22 18:02:21 | 00,000,000 | ---D | C] -- C:\Programme\EAGLE-5.6.0 [2009.10.22 18:02:16 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\CadSoft [2009.10.19 17:22:17 | 00,000,000 | ---D | C] -- C:\Windows\Minidump [2009.10.18 12:15:52 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\2K Sports [2009.10.18 12:12:09 | 02,036,576 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\D3DCompiler_40.dll [2009.10.18 12:12:09 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2009.10.18 12:12:08 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2009.10.18 12:12:08 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2009.10.18 12:12:08 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2009.10.18 12:12:08 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2009.10.18 12:12:08 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2009.10.18 12:12:07 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2009.10.18 12:12:07 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2009.10.18 12:12:07 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2009.10.18 12:12:07 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2009.10.18 12:12:07 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2009.10.18 12:12:06 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2009.10.18 12:12:06 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2009.10.18 12:12:06 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2009.10.18 12:12:06 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2009.10.18 12:12:06 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2009.10.18 12:12:06 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2009.10.18 12:12:05 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll 
[2009.10.18 12:12:05 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2009.10.18 12:12:05 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2009.10.18 12:12:05 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2009.10.18 12:12:05 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2009.10.18 12:12:05 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2009.10.18 12:12:04 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2009.10.18 12:12:04 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2009.10.18 12:12:03 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2009.10.18 12:12:03 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2009.10.18 12:12:03 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2009.10.18 12:12:03 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2009.10.18 12:12:03 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2009.10.18 12:12:02 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2009.10.18 12:12:02 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2009.10.18 12:12:02 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2009.10.18 12:12:02 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2009.10.18 12:12:02 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2009.10.18 12:12:02 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2009.10.18 12:12:01 | 03,497,832 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2009.10.18 12:12:01 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2009.10.18 12:11:59 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2009.10.18 12:11:59 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2009.10.18 12:11:59 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2009.10.18 12:11:59 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll [2009.10.18 12:11:59 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2009.10.18 12:11:58 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2009.10.18 12:11:58 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2009.10.18 12:11:58 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2009.10.18 12:11:58 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2009.10.18 12:11:58 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2009.10.18 12:11:57 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2009.10.18 12:11:57 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2009.10.18 12:11:57 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2009.10.18 12:11:57 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2009.10.18 12:11:57 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2009.10.18 12:11:57 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2009.10.18 12:11:49 | 02,332,368 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\d3dx9_29.dll [2009.10.18 12:11:49 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2009.10.18 12:11:49 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2009.10.18 12:11:47 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2009.10.18 12:11:47 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2009.10.18 12:11:46 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2009.10.18 12:11:46 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2009.10.18 11:43:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP [2009.10.17 11:09:54 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\iWin [2009.10.17 11:09:32 | 00,000,000 | ---D | C] -- C:\Programme\iWin.com Games [2009.10.16 18:04:19 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL |
14.11.2009, 09:03 | #3
Also TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll
OTL.TXT Part 3
Code:
========== Files - Modified Within 30 Days ==========

[2009.11.14 08:55:09 | 02,883,584 | -HS- | M] () -- C:\Users\Andy\NTUSER.DAT
[2009.11.14 08:53:18 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{72D9C561-71C8-489D-8123-46D1403D1EF7}.job
[2009.11.14 08:51:09 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2009.11.14 08:50:52 | 00,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.14 08:50:52 | 00,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.14 08:00:00 | 00,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2009.11.13 18:54:04 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.11.13 18:54:04 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.11.13 18:54:03 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.11.13 18:54:03 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.11.13 18:00:00 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009.11.13 16:50:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.12 03:23:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.12 03:23:39 | 01,676,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.11.12 03:21:40 | 00,524,288 | -HS- | M] () -- C:\Users\Andy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.11.12 03:21:40 | 00,065,536 | -HS- | M] () -- C:\Users\Andy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.11.12 03:21:14 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009.11.12 03:20:47 | 04,176,664 | -H-- | M] () -- C:\Users\Andy\AppData\Local\IconCache.db
[2009.11.11 19:11:13 | 01,456,404 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.11 19:11:13 | 00,632,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.11 19:11:13 | 00,598,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.11 19:11:13 | 00,128,616 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.11 19:11:13 | 00,106,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.09 22:26:55 | 00,001,020 | ---- | M] () -- C:\Users\Andy\Desktop\Manager10.exe.lnk
[2009.11.07 18:35:30 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009.11.05 21:35:32 | 00,361,728 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe
[2009.11.05 21:35:21 | 00,000,957 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2009.11.05 21:35:21 | 00,000,599 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2009.11.05 21:26:14 | 04,544,544 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.11.05 21:26:14 | 00,064,028 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009.11.05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009.11.05 18:02:00 | 00,003,153 | ---- | M] () -- C:\rollback.ini
[2009.11.04 19:55:33 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009.11.04 19:49:11 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.03 18:26:04 | 00,000,100 | ---- | M] () -- C:\index.ini
[2009.11.02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009.11.01 20:20:48 | 00,012,800 | ---- | M] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.01 18:42:30 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.11.01 18:04:04 | 00,000,600 | ---- | M] () -- C:\Users\Andy\AppData\Local\PUTTY.RND
[2009.11.01 00:04:45 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009.10.29 19:42:39 | 00,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2009.10.22 00:13:32 | 00,051,248 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2009.10.21 11:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.10.21 09:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.10.18 11:29:59 | 00,050,110 | ---- | M] () -- C:\Users\Andy\Documents\Stadtmeister2007.pdf
[2009.10.18 08:52:31 | 00,002,647 | ---- | M] () -- C:\Users\Andy\Desktop\Microsoft FrontPage.lnk
[2009.10.17 11:09:53 | 00,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest III.lnk

========== Files Created - No Company Name ==========

[2009.11.09 22:26:30 | 00,001,020 | ---- | C] () -- C:\Users\Andy\Desktop\Manager10.exe.lnk
[2009.11.05 21:35:49 | 00,000,498 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2009.11.05 21:35:21 | 00,000,957 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2009.11.05 21:35:21 | 00,000,599 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2009.11.05 18:02:00 | 00,003,153 | ---- | C] () -- C:\rollback.ini
[2009.11.05 17:53:43 | 00,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009.11.05 07:14:57 | 04,544,544 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.11.05 07:14:57 | 00,064,028 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009.11.04 19:55:33 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009.11.04 19:49:11 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.03 18:26:04 | 00,000,100 | ---- | C] () -- C:\index.ini
[2009.11.01 00:04:45 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009.10.31 15:30:50 | 00,000,600 | ---- | C] () -- C:\Users\Andy\AppData\Local\PUTTY.RND
[2009.10.18 11:29:59 | 00,050,110 | ---- | C] () -- C:\Users\Andy\Documents\Stadtmeister2007.pdf
[2009.10.17 11:09:53 | 00,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest III.lnk
[2009.09.30 22:09:37 | 00,000,751 | ---- | C] () -- C:\Windows\EPICWIN.INI
[2009.09.29 17:05:24 | 00,092,664 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009.09.26 19:55:44 | 00,012,800 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.12 16:19:50 | 00,000,095 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\default.pls
[2009.09.12 16:19:36 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.11 21:03:20 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.08 19:01:56 | 00,002,724 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.08 19:01:56 | 00,000,088 | RHS- | C] () -- C:\ProgramData\4C49EBFC1F.sys
[2009.09.08 18:08:33 | 00,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2009.09.01 23:36:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009.09.01 23:36:18 | 00,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009.08.30 22:56:50 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.30 20:49:36 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.30 20:24:00 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.30 20:04:14 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.30 20:03:55 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.30 19:19:06 | 04,176,664 | -H-- | C] () -- C:\Users\Andy\AppData\Local\IconCache.db
[2009.08.30 19:07:13 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009.08.30 18:46:35 | 00,092,664 | ---- | C] () -- C:\Users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.08.30 18:46:09 | 00,000,680 | ---- | C] () -- C:\Users\Andy\AppData\Local\d3d9caps.dat
[2009.08.10 05:38:02 | 00,081,920 | ---- | C] () -- C:\Windows\System32\MPMapTrace.dll
[2009.08.10 05:02:44 | 00,364,544 | ---- | C] () -- C:\Windows\System32\mpPathan.dll
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.07.25 15:40:02 | 00,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.12.13 15:03:14 | 00,074,240 | ---- | C] () -- C:\Windows\System32\zlibwapi.dll
[2006.11.02 13:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006.11.02 13:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006.11.02 13:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:23:31 | 00,000,273 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >
14.11.2009, 09:05 | #4
Also TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll
Extras.txt Part 1
Code:
OTL Extras logfile created on: 14.11.2009 08:52:02 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Andy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,11% Memory free
4,00 Gb Paging File | 2,16 Gb Available in Paging File | 53,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 12,51 Gb Free Space | 25,62% Space Free | Partition Type: NTFS
Drive D: | 249,25 Gb Total Space | 160,88 Gb Free Space | 64,55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,68 Gb Total Space | 2,65 Gb Free Space | 71,99% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDY-LAPTOP
Current User Name: Andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4205034860-1355971374-617994796-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C6071E-F87F-4E6A-A139-9ECCBECE7FD0}" = lport=138 | protocol=17 | dir=in | app=system |
"{1FF8A67A-CBDD-4855-BC7E-9FA1545954EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{44682ABE-5DA5-4117-B308-5FDA453103BD}" = lport=139 | protocol=6 | dir=in | app=system |
"{451028E7-EEF0-4B2B-9577-B95A6D571E08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4CC4836F-2C91-489C-99FF-55BBC3D7F01C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{568A8668-8168-44CC-8C1C-721975F89196}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{5E62C533-063E-4983-8ABF-7B57F276521E}" = rport=138 | protocol=17 | dir=out | app=system |
"{7518D950-BAB6-45BA-A49A-BB31F61E77B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{A3A76D57-46AB-4989-A12B-90581E70E186}" = lport=445 | protocol=6 | dir=in | app=system |
"{A5EBD435-C215-43F8-82AE-DD16258CEBC8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A6D6BD4C-E88A-4A3C-9857-EFADD59631F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA95AD53-8751-4F20-966F-0E5027353FB1}" = rport=139 | protocol=6 | dir=out | app=system |
"{AB82855B-1C3E-465F-9555-D66BBD9A4203}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E70D8960-CFB7-4EFB-8BBF-4C65F3A5F4CB}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A86A351-AFCB-48D4-9E2A-69DFC0E9727B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{0CB6657C-EB9E-417A-A665-8AB19137BA8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{18B72D32-8521-4DE1-8AD7-E31EB73E4B85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{274AA6BD-696B-4F03-8D02-FC44D1555CD2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{319054B5-6073-4D2B-818A-CE57F0C0A5D9}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{33B215D5-04C3-453E-A921-BD836F5F640E}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"{44876100-F406-4AB8-8930-7D8D0F2496A1}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{82931EAB-8917-40D3-B9E9-364B500D0F1E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{BC2F6510-44CD-4822-A441-8D82A39DD3BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DA9BB6F7-7440-4437-AF8C-115A1C4EFA04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE5CA58B-4062-4734-AE58-0F84E2FAC259}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{EC2C6E10-47E8-497E-B953-B08CA39D4119}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"{ED200154-C465-45A9-A1BC-A2D471176DFE}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{EF1962DD-742D-47E5-A0E4-E1398ABDC9BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FDF2B8C0-F171-4AB4-B365-D197CD0CA5E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{28787731-297E-439D-A008-27AD549EA216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2C9EE405-5066-4128-BAD9-CCAABB97ADA1}D:\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\nba 2k10\nba2k10.exe |
"TCP Query User{3833869B-DDC9-4573-99C9-301C8C36C4DC}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{581BF933-368D-4DD2-BFF1-F1FE1528AF6A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7302D02A-D8CB-4994-8525-B561262462D1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7F8DC342-1218-42D4-876A-7EE597BECAF9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8872C96E-19D8-42C2-92CD-0E66F220F465}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{BAF32110-7922-4449-9708-C675708C1691}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"TCP Query User{DDD5A00A-7D2C-464B-8CA4-00DCD24F9898}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{E4EFDBC1-AA82-45B1-9585-859D4FCD66C2}C:\program files\idm computer solutions\ultraedit\uedit32.exe" = protocol=6 | dir=in | app=c:\program files\idm computer solutions\ultraedit\uedit32.exe |
"UDP Query User{00CD57A7-432A-49E3-8DFA-07DB202C3A08}C:\program files\idm computer solutions\ultraedit\uedit32.exe" = protocol=17 | dir=in | app=c:\program files\idm computer solutions\ultraedit\uedit32.exe |
"UDP Query User{168E7E0C-839E-4A4E-B05E-B5D871619F77}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{17148686-ED21-44AA-8B2F-0FFC4885172F}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"UDP Query User{199B40FB-B2BD-4CE7-B8B5-95D95199980E}C:\program 
files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{50D929B6-F1D0-4945-A4C4-A7BE4C799C98}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{57BD392C-C8B0-440D-AB1B-CA839104958D}D:\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\nba 2k10\nba2k10.exe | "UDP Query User{6638212E-7D88-41D4-BF23-59FA9BB47DDD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{668BE63C-D8DB-44EE-AFBA-0EF6253B7373}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{E302082A-8C13-4E75-99AA-9733EA86F4FA}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{ECADE100-C40B-4132-8C0A-9EFFB843210C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 6.5 Build #1042 Banner Remover 1.2 "{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = 
Live! Cam Avatar "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{58A49B80-2595-4C9D-B3EB-261E68A2C4D1}_is1" = Wallpaper SlideShow LT 1.3.0 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" 
= Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 
Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE "{AFC7E003-9CA8-4F68-AAB2-155D0CDF5AED}" = UltraEdit 15.00 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live 
OneCare safety scanner "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Analogue Vista Clock" = Analogue Vista Clock 1.18 "avast!" = avast! Antivirus "Belkin Network USB Hub Control Center" = Belkin Netzwerk USB-Hub Kontrollzentrum "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell Webcam Manager "EAGLE 5.6.0" = EAGLE 5.6.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "InstallShield_{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36 "Jewel Quest III" = Jewel Quest III (nur deinstallation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel(R) PROSet/Wireless Software "Target 3001! V14 discover" = Target 3001! V14 discover "TBSB03700.TBSB03700Toolbar" = Ghost-of-usenet Toolbar "TeamViewer 4" = TeamViewer 4 "Totalcmd" = Total Commander (Remove or Repair) "VLC media player" = VLC media player 1.0.1 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR |
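Added example, not from the thread and not part of OTL: a small Python triage script that reads the Security Center and firewall keys in the form OTL dumped them above and reports which firewall profiles are switched off, which per-user Security Center keys have notifications muted, and which inbound rules open a fixed listening port. The sample input is a constructed subset of the lines copied from the OTL output above. On Vista, `StandardProfile` is the private-network profile, so the log above shows the host firewall off on private networks while the domain and public profiles are enabled; the script only reports that state and does not say whether it has anything to do with the infection.

```python
"""Triage of the Security Center / firewall section of an OTL log.
Added example for this thread; it is not part of OTL or of the original post."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the lines copied from the OTL output above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4205034860-1355971374-617994796-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C6071E-F87F-4E6A-A139-9ECCBECE7FD0}" = lport=138 | protocol=17 | dir=in | app=system |
"{1FF8A67A-CBDD-4855-BC7E-9FA1545954EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{568A8668-8168-44CC-8C1C-721975F89196}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{A3A76D57-46AB-4989-A12B-90581E70E186}" = lport=445 | protocol=6 | dir=in | app=system |
"TCP Query User{28787731-297E-439D-A008-27AD549EA216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')
FW_BASE = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy"
SC_SVC = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc\\"
# StandardProfile is the private-network profile on Vista.
PROFILES = ("DomainProfile", "StandardProfile", "PublicProfile")


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] to its "name" = value pairs, as OTL prints them."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group(1)] = vm.group(2).strip()
    return keys


def firewall_profiles(keys: Dict[str, Dict[str, str]]) -> Dict[str, bool]:
    """Profile name -> True if EnableFirewall is 1 for that profile."""
    return {p: keys.get(FW_BASE + "\\" + p, {}).get("EnableFirewall") == "1"
            for p in PROFILES}


def security_center_muted(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Per-user Security Center subkeys (SIDs) with EnableNotifications = 0."""
    return [k[len(SC_SVC):] for k, v in keys.items()
            if k.startswith(SC_SVC) and v.get("EnableNotifications") == "0"]


def parse_rule(value: str) -> Dict[str, str]:
    """Split 'lport=138 | protocol=17 | dir=in | app=system |' into a dict."""
    fields: Dict[str, str] = {}
    for part in value.split("|"):
        part = part.strip()
        if "=" in part:
            k, v = part.split("=", 1)
            fields[k.strip()] = v.strip()
    return fields


def inbound_listeners(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(local port, protocol, app/service/name) for inbound rules on a fixed port."""
    out = []
    for value in keys.get(FW_BASE + "\\FirewallRules", {}).values():
        f = parse_rule(value)
        if f.get("dir") == "in" and "lport" in f:
            proto = {"6": "tcp", "17": "udp"}.get(f.get("protocol", ""), f.get("protocol", "?"))
            who = f.get("app") or f.get("svc") or f.get("name", "?")
            out.append((f["lport"], proto, who))
    # numeric ports first, in numeric order; named ports (rpc, rpc-epmap) last
    return sorted(out, key=lambda r: (not r[0].isdigit(), int(r[0]) if r[0].isdigit() else 0, r[0]))


def report(text: str) -> Dict[str, object]:
    keys = parse_reg_dump(text)
    return {
        "firewall_profiles": firewall_profiles(keys),
        "notifications_muted_for": security_center_muted(keys),
        "inbound_listeners": inbound_listeners(keys),
    }


if __name__ == "__main__":
    for name, value in report(SAMPLE).items():
        print(name, value)
```

Run against a full OTL log, the same functions cover every rule in the "Open Ports Exception List"; the "Query User" rules have no `lport` and are therefore not listed, which is correct, because they allow a program to accept connections on any port.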
14.11.2009, 09:06 | #5
Also TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll
Extras.txt Part2
Code:
========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 07.09.2009 12:29:09 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\howto\email\1.jpg failed, 00000016.

Error - 12.09.2009 12:35:43 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of F:\howto\email\1.jpg failed, 00000016.

Error - 04.10.2009 13:41:59 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \\192.168.0.16\hd (e)\Request\Appz\Microsoft Office 2007 Enterprise\hs-oe7de.bin failed, 00000040.

Error - 31.10.2009 18:51:51 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://saimei.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-1.iso failed, 00000084.

Error - 31.10.2009 18:52:09 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://gensho.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-2.iso failed, 00000084.

Error - 31.10.2009 18:52:35 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://gensho.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-3.iso failed, 00000084.

Error - 31.10.2009 18:52:47 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://laotzu.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-4.iso failed, 00000084.

Error - 31.10.2009 18:52:59 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://caesar.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-5.iso failed, 00000084.

[ Application Events ]
Error - 09.11.2009 14:19:45 | Computer Name = Andy-Laptop | Source = VSS | ID = 8194
Description =

Error - 09.11.2009 17:24:56 | Computer Name = Andy-Laptop | Source = VSS | ID = 8194
Description =

Error - 09.11.2009 17:25:24 | Computer Name = Andy-Laptop | Source = System Restore | ID = 8193
Description =

Error - 09.11.2009 21:03:45 | Computer Name = Andy-Laptop | Source = Application Error | ID = 1000
Description = Faulting application Manager10.exe, version 1.0.0.0, time stamp 0x4aca3a81, faulting module GfxCore.dll, version 0.0.0.0, time stamp 0x4aca3946, exception code 0xc0000005, fault offset 0x00245efe, process ID 0x7ac, application start time 01ca61862ba84380.

Error - 10.11.2009 13:20:23 | Computer Name = Andy-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11.11.2009 01:49:12 | Computer Name = Andy-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18828 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1304 Start Time: 01ca6291faa7d720 Termination Time: 52

Error - 11.11.2009 13:00:43 | Computer Name = Andy-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 11.11.2009 22:24:19 | Computer Name = Andy-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 12.11.2009 12:57:06 | Computer Name = Andy-Laptop | Source = VSS | ID = 8194
Description =

Error - 13.11.2009 13:52:44 | Computer Name = Andy-Laptop | Source = Application Error | ID = 1000
Description = Faulting application Manager10.exe, version 1.0.0.0, time stamp 0x4aca3a81, faulting module nvd3dum.dll, version 8.16.11.8681, time stamp 0x4a8c758a, exception code 0xc0000005, fault offset 0x003a0c2b, process ID 0xdb0, application start time 01ca64890c3cd190.

[ OSession Events ]
Error - 01.11.2009 13:52:19 | Computer Name = Andy-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 109 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 30.08.2009 18:30:14 | Computer Name = Andy-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 30.08.2009 20:31:10 | Computer Name = Andy-Laptop | Source = WPDMTPDriver | ID = 80838
Description =

Error - 30.08.2009 20:31:10 | Computer Name = Andy-Laptop | Source = WPDMTPDriver | ID = 80836
Description =

Error - 31.08.2009 00:31:34 | Computer Name = Andy-Laptop | Source = WPDMTPDriver | ID = 80838
Description =

Error - 31.08.2009 00:31:34 | Computer Name = Andy-Laptop | Source = WPDMTPDriver | ID = 80836
Description =

Error - 31.08.2009 11:55:04 | Computer Name = Andy-Laptop | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed for an unknown reason and will not be used. The driver has been unloaded.

Error - 31.08.2009 13:48:10 | Computer Name = Andy-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 31.08.2009 13:48:10 | Computer Name = Andy-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 31.08.2009 14:58:50 | Computer Name = Andy-Laptop | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed for an unknown reason and will not be used. The driver has been unloaded.

Error - 31.08.2009 16:24:30 | Computer Name = Andy-Laptop | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed for an unknown reason and will not be used. The driver has been unloaded.

< End of report >
14.11.2009, 09:07 | #6
Also TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll
Hijackthis.txt
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:19, on 14.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://borussia.de/de/home,2,0.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TBSB03700 - {4E45B936-ACEA-4BE3-8F68-B1A3014867AC} - C:\Program Files\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ghost-of-usenet Toolbar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Belkin Netzwerk USB-Hub Kontrollzentrum.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8731 bytes
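Added example, not a tool from the thread and not part of HijackThis: a Python script that parses HijackThis entries and pulls out the places from which a DLL or a service gets loaded, which is what to look at when a detected DLL keeps coming back after deletion. The sample input is a constructed subset of the lines from the log above. Nothing in the output is a verdict: AppInit_DLLs entries, rundll32 autostarts and services under the Windows directory are simply the load points worth checking (signer, hash) on the live machine, and the rundll32.exe in the process list is flagged only because HijackThis does not show which DLL it is hosting.

```python
"""Triage of a HijackThis log: list the entries that describe how DLLs and
services get loaded.  Added example for this thread; not part of HijackThis
and not from the original post."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the HijackThis lines posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: TBSB03700 - {4E45B936-ACEA-4BE3-8F68-B1A3014867AC} - C:\Program Files\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\s+([^,\s]+)", re.I)


def parse_hjt(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (running processes, {section such as 'O4': [entry bodies]})."""
    processes: List[str] = []
    sections: Dict[str, List[str]] = {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            sections.setdefault(m.group(1), []).append(m.group(2))
        elif in_processes:
            processes.append(line)
    return processes, sections


def appinit_dlls(sections: Dict[str, List[str]]) -> List[str]:
    """DLLs from O20 AppInit_DLLs; Windows loads these into every process
    that maps user32.dll, so a loader EXE is not needed to keep them alive."""
    out: List[str] = []
    for body in sections.get("O20", []):
        if body.startswith("AppInit_DLLs:"):
            out.extend(body.split(":", 1)[1].split())
    return out


def rundll32_autostarts(sections: Dict[str, List[str]]) -> List[str]:
    """O4 entries that start rundll32: the DLL argument, not rundll32, is the payload."""
    out: List[str] = []
    for body in sections.get("O4", []):
        m = RUNDLL_RE.search(body)
        if m:
            out.append(m.group(1))
    return out


def services_in_windows_dir(sections: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """(service, vendor, path) for O23 services whose binary lives under \\Windows\\."""
    out: List[Tuple[str, str, str]] = []
    for body in sections.get("O23", []):
        parts = body.rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, vendor, path = parts
        if name.startswith("Service: "):
            name = name[len("Service: "):]
        if "\\windows\\" in path.lower():
            out.append((name, vendor, path))
    return out


def unattributed_hosts(processes: List[str]) -> List[str]:
    """Running rundll32/svchost instances; the log does not say which module they host."""
    return [p for p in processes
            if p.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "svchost.exe")]


def triage(text: str) -> Dict[str, list]:
    processes, sections = parse_hjt(text)
    return {
        "appinit_dlls": appinit_dlls(sections),
        "rundll32_dlls": rundll32_autostarts(sections),
        "services_in_windows_dir": services_in_windows_dir(sections),
        "host_processes": unattributed_hosts(processes),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Feed the complete log to `triage()` and every O4, O20 and O23 entry above is classified the same way; the output is the list of files to verify on the machine, in the order HijackThis printed them.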
14.11.2009, 11:19 | #7
Also TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll
Hey Andy, the problem was discussed and solved here: Virus Tr/Vundo.Gen - Internet, Netzwerke und Security
Hopefully that will help you with the problem.