
Pests of all kinds and how to fight them: TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll


16.11.2009, 13:01   #16
Inuschka

And finally the log file from GMER
Code:
GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-16 12:35:26
Windows 5.1.2600 Service Pack 3
Running: mjp2vgv5.exe; Driver: C:\DOKUME~1\iris\LOKALE~1\Temp\ufliypoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwConnectPort [0xAA94E040]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwCreateFile [0xAA94A930]
SSDT            F7CE0A96                                                                                                                        ZwCreateKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwCreatePort [0xAA94E510]
SSDT            F7CE0A8C                                                                                                                        ZwCreateThread
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwCreateWaitablePort [0xAA94E600]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwDeleteFile [0xAA94AF20]
SSDT            F7CE0A9B                                                                                                                        ZwDeleteKey
SSDT            F7CE0AA5                                                                                                                        ZwDeleteValueKey
SSDT            F7CE0AAA                                                                                                                        ZwLoadKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwOpenFile [0xAA94AD70]
SSDT            F7CE0A78                                                                                                                        ZwOpenProcess
SSDT            F7CE0A7D                                                                                                                        ZwOpenThread
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwRenameKey [0xAA957250]
SSDT            F7CE0AB4                                                                                                                        ZwReplaceKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwRequestWaitReplyPort [0xAA94DC00]
SSDT            F7CE0AAF                                                                                                                        ZwRestoreKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                     ZwSetInformationFile [0xAA94B120]
SSDT            F7CE0AA0                                                                                                                        ZwSetValueKey
SSDT            F7CE0A87                                                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.rsrc           C:\WINDOWS\system32\drivers\atapi.sys                                                                                           entry point in ".rsrc" section [0xF7418780]
?               srescan.sys                                                                                                                     Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetReadFile                                                                      408C654B 5 Bytes  JMP 13159E5C 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetCloseHandle                                                                   408C9088 5 Bytes  JMP 1315A05C 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetQueryDataAvailable                                                            408CBF7F 5 Bytes  JMP 13159C7C 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!HttpOpenRequestA                                                                      408CD508 5 Bytes  JMP 13158964 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetConnectA                                                                      408CDEAE 5 Bytes  JMP 1315880C 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!HttpSendRequestW                                                                      408CFABE 5 Bytes  JMP 13159688 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetOpenA                                                                         408DD690 5 Bytes  JMP 131587C0 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!HttpSendRequestA                                                                      408DEE89 5 Bytes  JMP 13159288 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetReadFileExW                                                                   408E3349 5 Bytes  JMP 1315A00C 
.text           C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetReadFileExA                                                                   408E3381 5 Bytes  JMP 13159FBC 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                                        [AA952CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                             [AA9531C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                            [AA953320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                                      [AA952E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                                        [AA952E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                                          [AA952CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                               [AA9531C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                              [AA953320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                                         [AA952CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                                       [AA952E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                             [AA953320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                              [AA9531C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                               [AA953320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                                [AA9531C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                           [AA952CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                                        [AA952E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                                          [AA952CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                               [AA9531C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                              [AA953320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter]                                                             [AA953320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                                              [AA9531C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol]                                                       [AA952E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol]                                                         [AA952CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                                         [AA952CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                                       [AA952E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                             [AA953320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                              [AA9531C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2096] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]            [00D42C13] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT             C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2096] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter]  [00D42D34] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT             C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2096] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess]          [00D42D03] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

Device          \Driver\Tcpip \Device\Ip                                                                                                        vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\Tcp                                                                                                       vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                          snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                          snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                          snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                              [F740BB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                                     [F740BB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                                     [F740BB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\Tcpip \Device\Udp                                                                                                       vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\RawIp                                                                                                     vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                               vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                        fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\system32\drivers\atapi.sys                                                                                           suspicious modification

---- EOF - GMER 1.0.15 ----
         
THANKS

16.11.2009, 14:59   #17
Larusso
/// Selecta Jahrusso

Step 1

If you still connect anything to the computer, such as memory sticks, memory cards, digital cameras, mobile phones, external drives, ... then plug everything in before the scan.

ComboFix

A guide and tutorial for using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note: ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.


Step 2

Please close all running programs, including your browser.
Please delete the Extra.txt from your desktop.
Double-click OTL.exe and post both log files.


In your next reply, please post:
ComboFix log
Both OTL logs
16.11.2009, 21:42   #18
Inuschka

RESULT

ComboFix 09-11-16.05 - XXX 16.11.2009 19:38..1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1014.612 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\XXX\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1701241484-1072665366-4203874858-500
C:\setup.exe

Infizierte Kopie von c:\windows\system32\DRIVERS\atapi.sys wurde gefunden und desinfiziert
Kopie von - Kitty ate it wurde wiederhergestellt
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_HDUSB


((((((((((((((((((((((( Dateien erstellt von 2009-10-16 bis 2009-11-16 ))))))))))))))))))))))))))))))
.

2009-11-16 17:33 . 2009-11-16 18:01 -------- d-----w- c:\programme\CCleaner
2009-11-12 11:14 . 2009-11-12 11:54 -------- d-----w- C:\VundoFix Backups
2009-11-02 13:44 . 2009-11-02 13:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 13:44 . 2009-11-16 15:04 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\skypePM
2009-11-02 13:32 . 2009-11-16 20:17 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Skype
2009-11-02 13:31 . 2009-11-02 13:31 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2009-11-02 13:30 . 2009-11-02 13:31 -------- d-----r- c:\programme\Skype
2009-11-02 13:30 . 2009-11-02 13:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-10-20 09:04 . 2009-10-20 09:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 20:19 . 2008-08-17 15:44 9875488 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-16 20:12 . 2008-08-17 15:44 118772 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-16 18:12 . 2008-08-21 17:50 -------- d-----w- c:\programme\FreeCommander
2009-11-15 19:12 . 2007-11-12 06:41 9275093 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-11-04 14:52 . 2005-12-19 06:26 85740 ----a-w- c:\windows\system32\perfc007.dat
2009-11-04 14:52 . 2005-12-19 06:26 462896 ----a-w- c:\windows\system32\perfh007.dat
2009-11-01 16:35 . 2009-10-14 20:46 84289 ----a-w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\mdbu.bin
2009-10-14 15:33 . 2006-02-03 19:47 -------- d-----w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Simple Sudoku
2009-10-14 09:52 . 2009-10-14 09:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\fotokasten comfort
2009-10-14 09:52 . 2009-10-14 09:52 -------- d-----w- c:\programme\fotokasten comfort
2009-10-07 09:54 . 2008-03-21 21:35 -------- d-----w- c:\programme\Trillian
2009-09-11 14:17 . 2005-12-19 06:26 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-12-19 06:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:54 . 2005-12-19 06:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2005-12-19 06:27 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 12:13 . 2006-07-03 11:37 58608 ----a-w- c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2004-11-17 118784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-05-20 57344]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-20 167936]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-11-05 286720]
"MMReminderService"="c:\programme\Mindjet\MindManager 6\MMReminderService.exe" [2005-09-13 28672]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"WireLessMouse"="c:\programme\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programme\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programme\\Autodesk\\Backburner\\server.exe"=
"c:\\Programme\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.05.2009 17:20 108289]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [19.12.2005 07:27 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [19.12.2005 07:27 217472]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [09.03.2008 23:04 65536]
S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2009-11-13 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 15:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=192.168.0.1:3128;https=192.168.0.1:3128;ftp=192.168.0.1:3128;gopher=192.168.0.1:3128;socks=192.168.0.1:1080
uInternet Settings,ProxyOverride = 192.168.0.1;127.0.0.1;localhost;;;;;;;;;;;;;;;;;;;;;;;;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2009-11-16 21:19
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1580)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Apoint\Apntex.exe
c:\programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Multimedia Mouse Driver\MouseDrv.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\programme\Sony\VAIO Event Service\VESMgr.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\programme\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-11-16 21:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-11-16 20:34

Vor Suchlauf: 11 Verzeichnis(se), 21.210.230.784 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 21.092.352.000 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7FB6703E7C4959D0413BBE0A13746D67

Last edited by Inuschka (16.11.2009 at 22:12)

16.11.2009, 21:50   #19
Inuschka

So, now the OTL result as well
Code:
OTL logfile created on: 16.11.2009 21:43:45 - Run 3
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Dokumente und Einstellungen\iris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,11 Mb Total Physical Memory | 456,17 Mb Available Physical Memory | 44,98% Memory free
1,63 Gb Paging File | 1,22 Gb Available in Paging File | 74,56% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 19,67 Gb Free Space | 52,78% Space Free | Partition Type: NTFS
Drive D: | 30,28 Gb Total Space | 21,96 Gb Free Space | 72,53% Space Free | Partition Type: NTFS
Drive E: | 372,52 Gb Total Space | 262,62 Gb Free Space | 70,50% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1,91 Gb Total Space | 0,69 Gb Free Space | 36,07% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: XXX_VAIO
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Programme\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\Programme\Multimedia Mouse Driver\MouseDrv.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\XXX\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) --  File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP Software)
DRV - (RimSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = h**p://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.gmx.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.0.1;127.0.0.1;localhost;;;;;;;;;;;;;;;;;;;;;;;;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = h**p=192.168.0.1:3128;https=192.168.0.1:3128;ftp=192.168.0.1:3128;gopher=192.168.0.1:3128;socks=192.168.0.1:1080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.07 10:21:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.03.09 10:06:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.03.09 10:06:31 | 00,000,000 | ---D | M]
 
[2009.03.09 10:06:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions
[2009.03.09 10:06:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.15 20:24:07 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions
[2009.09.08 10:00:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.15 10:07:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009.09.15 10:07:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.11.15 20:24:07 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.09 10:06:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007.08.15 22:01:22 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007.10.27 11:33:22 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009.03.09 10:06:11 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.03.09 10:06:11 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.03.09 10:06:21 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2009.03.09 10:06:23 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.03.09 10:06:23 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.03.09 10:06:24 | 00,001,706 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.03.09 10:06:24 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.03.09 10:06:24 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.03.09 10:06:24 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
         

Edited by Inuschka (16.11.2009 at 22:00)

Old 16.11.2009, 21:52   #20
Inuschka

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

second part
Code:
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WireLessMouse] C:\Programme\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range78 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.19 15:43:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.11.16 19:26:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.11.16 19:21:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.16 19:21:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.16 19:21:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.16 19:21:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.16 19:21:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.16 19:19:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.16 18:56:08 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\iris\Recent
[2009.11.16 18:33:46 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.16 11:37:44 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe
[2009.11.12 12:14:41 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009.11.12 12:14:03 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\iris\Desktop\VundoFix.exe
[2009.11.12 11:59:39 | 00,000,000 | ---D | C] -- C:\Programme\HijackThis
[2009.11.02 14:44:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\skypePM
[2009.11.02 14:32:22 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Skype
[2009.11.02 14:31:03 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2009.11.02 14:30:58 | 00,000,000 | R--D | C] -- C:\Programme\Skype
[2009.11.02 14:30:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.11.16 21:41:34 | 09,891,872 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009.11.16 21:20:05 | 00,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009.11.16 21:19:15 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.16 21:16:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.16 21:15:17 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.16 21:13:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.16 21:13:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.16 21:12:26 | 00,118,772 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009.11.16 21:12:13 | 06,029,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXX\NTUSER.DAT
[2009.11.16 21:12:13 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\XXX\ntuser.ini
[2009.11.16 19:26:39 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009.11.16 19:15:48 | 03,560,773 | R--- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\cofi.exe
[2009.11.16 19:12:10 | 03,148,854 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\fehler.bmp
[2009.11.16 18:33:47 | 00,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\CCleaner.lnk
[2009.11.16 11:40:35 | 00,291,840 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mjp2vgv5.exe
[2009.11.16 11:36:59 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe
[2009.11.15 23:33:54 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\inyasxy
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.11.13 17:17:27 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2009.11.12 12:13:33 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\iris\Desktop\VundoFix.exe
[2009.11.12 09:30:53 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.07 00:02:52 | 00,029,790 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\pod.jpg
[2009.11.06 19:36:46 | 04,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Studienarbeit_06112009.pdf
[2009.11.06 13:49:39 | 00,124,821 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\rui.jpg
[2009.11.05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009.11.04 15:52:41 | 00,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.11.04 15:52:41 | 00,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.04 15:52:41 | 00,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.11.04 15:52:41 | 00,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.04 15:52:40 | 01,078,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.02 14:44:38 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.11.01 17:35:50 | 00,084,289 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\mdbu.bin
[2009.10.27 13:35:50 | 00,727,387 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Desktop\PICT0048.JPG
[2009.10.25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.11.16 19:26:38 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009.11.16 19:26:29 | 00,262,448 | ---- | C] () -- C:\cmldr
[2009.11.16 19:21:51 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.11.16 19:21:51 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.11.16 19:21:51 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.11.16 19:21:51 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.16 19:21:51 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.11.16 19:18:04 | 03,560,773 | R--- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\cofi.exe
[2009.11.16 19:12:09 | 03,148,854 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\fehler.bmp
[2009.11.16 18:33:47 | 00,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\CCleaner.lnk
[2009.11.16 11:40:47 | 00,291,840 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\mjp2vgv5.exe
[2009.11.15 23:33:54 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\inyasxy
[2009.11.07 00:02:37 | 00,029,790 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\pod.jpg
[2009.11.06 19:36:46 | 04,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\Studienarbeit_06112009.pdf
[2009.11.06 13:49:39 | 00,124,821 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\rui.jpg
[2009.11.06 13:25:37 | 00,568,101 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\100_1927.JPG
[2009.11.02 14:44:38 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.27 13:35:44 | 00,727,387 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Desktop\PICT0048.JPG
[2009.10.14 21:46:51 | 00,084,289 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\mdbu.bin
[2009.07.09 00:35:57 | 00,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2009.07.02 08:19:08 | 00,002,465 | R--- | C] () -- C:\WINDOWS\OOIDRV.INI
[2009.06.05 14:26:28 | 00,000,222 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5.INI
[2009.06.05 14:13:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.06.05 14:07:58 | 00,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2009.06.05 14:07:51 | 00,001,104 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.12.07 19:28:53 | 00,000,282 | ---- | C] () -- C:\WINDOWS\avwin.ini
[2008.06.19 11:41:16 | 00,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008.06.14 21:13:32 | 00,000,102 | ---- | C] () -- C:\WINDOWS\afarechner.INI
[2008.05.26 14:53:48 | 00,000,073 | ---- | C] () -- C:\WINDOWS\MINDMA~1.INI
[2008.05.13 22:45:41 | 00,001,385 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.11.26 22:40:28 | 00,000,658 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.11.17 21:33:19 | 00,403,167 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\mdb.bin
[2007.11.17 19:24:37 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.11.17 19:24:37 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.11.17 19:24:37 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.11.17 19:24:36 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.11.17 19:24:36 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.09.30 17:56:30 | 00,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.09 12:24:56 | 06,427,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2007.06.26 10:11:30 | 00,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.06.09 19:49:50 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007.06.09 19:49:50 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2007.06.09 19:49:24 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007.06.07 21:57:25 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.06.05 15:30:41 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.06.05 14:34:28 | 00,237,568 | ---- | C] () -- C:\WINDOWS\NwtGatewayDLL.dll
[2007.06.05 14:34:28 | 00,001,109 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini
[2007.05.04 10:02:35 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007.03.28 19:30:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.02.21 15:32:55 | 00,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2007.01.13 12:20:39 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006.12.28 18:37:18 | 00,000,076 | ---- | C] () -- C:\WINDOWS\ds3sim.INI
[2006.09.12 20:04:57 | 00,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.07.30 15:18:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\avx.ini
[2006.07.23 15:06:01 | 00,000,029 | ---- | C] () -- C:\WINDOWS\USB Downloader.INI
[2006.07.03 17:57:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\wordinst.dll
[2006.07.03 12:37:54 | 00,058,608 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2006.07.03 11:11:24 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.07.03 01:27:53 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\desktop.ini
[2006.07.03 01:27:52 | 00,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.06.29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005.12.20 12:45:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.20 11:56:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.12.20 11:56:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.12.20 11:56:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.12.20 11:56:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.12.20 11:56:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.12.20 11:56:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.12.20 11:39:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005.12.19 16:04:13 | 00,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.12.19 15:35:12 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2005.12.19 07:27:30 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005.12.19 07:27:18 | 00,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.12.19 07:26:48 | 00,000,626 | ---- | C] () -- C:\WINDOWS\win.ini
[2005.12.19 07:26:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.09.02 13:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003.02.20 17:53:42 | 00,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
         


Last edited by Inuschka (16.11.2009 at 22:05)

16.11.2009, 21:53   #21
Inuschka

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Extras
Code:
OTL Extras logfile created on: 16.11.2009 21:43:45 - Run 3
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Dokumente und Einstellungen\XXX\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,11 Mb Total Physical Memory | 456,17 Mb Available Physical Memory | 44,98% Memory free
1,63 Gb Paging File | 1,22 Gb Available in Paging File | 74,56% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 19,67 Gb Free Space | 52,78% Space Free | Partition Type: NTFS
Drive D: | 30,28 Gb Total Space | 21,96 Gb Free Space | 72,53% Space Free | Partition Type: NTFS
Drive E: | 372,52 Gb Total Space | 262,62 Gb Free Space | 70,50% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1,91 Gb Total Space | 0,69 Gb Free Space | 36,07% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: XXX_VAIO
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\concept design\onlineTV 3\onlineTV.exe" = C:\Programme\concept design\onlineTV 3\onlineTV.exe:*:Enabled:onlineTV -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Autodesk\Backburner\monitor.exe" = C:\Programme\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\manager.exe" = C:\Programme\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\server.exe" = C:\Programme\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Programme\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Programme\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit -- (Autodesk, Inc.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06865995-6BBC-4038-9FE0-F0CFD7F81938}" = Nova
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{14583268-CF6A-4003-A3EA-0CAC77C978D3}" = Mindjet MindManager Pro 6
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1C70BE80-35E0-46DA-B81D-5BF5652F8D80}" = AV Mode Button Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000704}" = Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-7E8A450000A7}" = Spelling Dictionaries For Adobe Reader Package
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Mouse Driver
"{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"AskPBar Uninstall" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"FKC22153088_is1" = fotokasten comfort
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Mouse Driver
"IrfanView" = IrfanView (remove only)
"MacroX" = MacroX 3.1
"MAGIX Fotos auf CD & DVD 3.5" = MAGIX Fotos auf CD & DVD 3.5
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"MatlabR2007a" = MATLAB R2007a
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nova" = Nova
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Room Arranger" = Room Arranger
"Simple Sudoku_is1" = Simple Sudoku 4.2
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"TMM90" = TELL ME MORE
"Trillian" = Trillian
"TrueImage" = Acronis*TrueImage
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.10.2009 07:06:59 | Computer Name = IRIS_VAIO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung texcntr.exe, Version 0.7.5.0, fehlgeschlagenes
 Modul mfc42.dll, Version 6.2.4131.0, Fehleradresse 0x00068895.
 
Error - 14.10.2009 15:43:46 | Computer Name = IRIS_VAIO | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 16.10.2009 03:30:18 | Computer Name = XXX_VAIO | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 22.10.2009 10:40:33 | Computer Name = XXX_VAIO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fotokasten_comfort.exe, Version 2.6.13.0,
 fehlgeschlagenes Modul fotokasten_comfort.exe, Version 2.6.13.0, Fehleradresse 
0x00360d13.
 
Error - 25.10.2009 11:47:27 | Computer Name = XXX_VAIO | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 30.10.2009 09:41:13 | Computer Name = XXX_VAIO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung texcntr.exe, Version 0.7.5.0, fehlgeschlagenes
 Modul mfc42.dll, Version 6.2.4131.0, Fehleradresse 0x00068895.
 
Error - 04.11.2009 04:24:16 | Computer Name = XXX_VAIO | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 04.11.2009 04:24:16 | Computer Name = XXX_VAIO | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 08.11.2009 13:39:11 | Computer Name = XXX_VAIO | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 16.11.2009 05:39:31 | Computer Name = XXX_VAIO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
 unknown, Version 0.0.0.0, Fehleradresse 0x07ea0005.
 
[ System Events ]
Error - 16.11.2009 07:44:41 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HDUSB_XP.Sys HDUSB Bulk IO test driver" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1058
 
Error - 16.11.2009 14:28:53 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 
32-bit" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 16.11.2009 14:28:53 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Active File Monitor V4" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.11.2009 14:34:44 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HDUSB_XP.Sys HDUSB Bulk IO test driver" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1058
 
Error - 16.11.2009 14:35:15 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Active File Monitor V4" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.11.2009 14:35:16 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 
32-bit" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 16.11.2009 16:17:34 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TrueVector
 Internet Monitor.
 
Error - 16.11.2009 16:17:34 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 16.11.2009 16:19:01 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Active File Monitor V4" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.11.2009 16:19:01 | Computer Name = XXX_VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 
32-bit" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 
< End of report >
         

Last edited by Inuschka (16.11.2009 at 22:10)

16.11.2009, 22:18   #22
Larusso
/// Selecta Jahrusso

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



<< had the right hunch

Step 1

Uninstall software

Please uninstall the following programs listed in the code box
Code:
ASK Toolbar
Ad Aware

Start --> Control Panel --> Add or Remove Programs
After the cleanup we will see which of these you can reinstall.


Step 2

Update Java

Your Java version is outdated. Since some malware (e.g. Vundo) gets into the system through Java exploits, Java must be updated and old versions must be removed from the system, because the old versions are a security risk. Download JavaRa by prm753 and extract it to the desktop. JavaRa works on Windows 9x, 2k, XP and Vista (with User Account Control disabled).
  • Close all browser windows.
  • Double-click JavaRa.exe to start the program.
  • Select the language, choose English and click "Select".
  • Click Additional Tasks, tick Remove Useless JRE Files and Remove Sun Download Manager.
  • Click Go and then OK each time, and close the "Additional Tasks" window again.
  • Click Remove Older Versions to remove the old Java versions installed on the computer.
  • Click Yes when asked. When JavaRa is finished, a notice appears that a log file has been created; click OK.
  • The log file opens in Notepad; please save it and post it here later.
  • Check in Control Panel => Programs whether any Java versions remain and uninstall them.
  • Restart the computer.
Now download Java (Java Runtime Environment (JRE) 6 Update 17) from SUN (http://www.trojaner-board.de/105213-java-update-einstellungen.html) and install it. Before the download you must accept the licence terms by selecting "Accept License Agreement". Tick the advanced options and deselect the sponsor program (toolbar or similar) if offered.


Step 3

Second run with GMER
  • Start GMER again.
  • This time right-click in the white area on the left and choose "Only non MS files" from the context menu.
  • Then click "Scan" to let GMER scan again.
  • When the scan is finished, click the "Copy" button, which copies the contents to the clipboard.
  • Now right-click on the desktop and choose "Text Document", which creates an empty document on the desktop.
  • Open the text document by double-clicking, right-click in the text field and choose "Paste".
  • Save the document and post its contents here in the thread.


Step 4

Please close all running programs, including the browser.
Please delete Extra.txt from your desktop.
Double-click OTL.exe and post both log files.


How is the computer running?
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
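The point of step 2 is that several outdated JRE releases sit side by side in the OTL uninstall list. As an added example (not part of the thread and not code from OTL or JavaRa), this Python script parses the Uninstall List section of an OTL Extras log, maps Sun's JRE display names to a (family, update) pair and flags every install older than JRE 6 Update 17; the sample log is an excerpt of the one posted above, and the name patterns and the CURRENT_JRE constant are assumptions of this example.

```python
"""Flag outdated Sun JRE installs in the Uninstall List section of an OTL Extras log."""
import re
from typing import Dict, List, Optional, Tuple

# One line of the OTL "HKEY_LOCAL_MACHINE Uninstall List" section looks like
#   "{GUID-or-key}" = Display Name
UNINSTALL_LINE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Display names Sun's JRE installers registered (assumed for this example,
# taken from the names seen in the log). Each yields (family, update),
# e.g. "Java(TM) 6 Update 3" -> (6, 3).
JRE_NAME_PATTERNS = (
    re.compile(r'^Java\(TM\) (?P<family>\d+) Update (?P<update>\d+)$'),
    re.compile(r'^J2SE Runtime Environment (?P<family>\d+)\.\d+ Update (?P<update>\d+)$'),
    # "Java 2 Runtime Environment, SE v1.4.2": in the 1.x scheme the family is
    # the second component; the third (maintenance release) is used as update.
    re.compile(r'^Java 2 Runtime Environment, SE v1\.(?P<family>\d+)\.(?P<update>\d+)$'),
)

# Reference release named in the thread: JRE 6 Update 17 (assumption of this example).
CURRENT_JRE = (6, 17)


def parse_uninstall_list(log_text: str) -> Dict[str, str]:
    """Return {registry key: display name} for the Uninstall List section only."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # A new OTL section header; only the Uninstall List is of interest.
            in_section = "Uninstall List" in line
            continue
        if not in_section:
            continue
        m = UNINSTALL_LINE.match(line)
        if m:
            entries[m.group("key")] = m.group("name")
    return entries


def jre_version(display_name: str) -> Optional[Tuple[int, int]]:
    """Map a JRE display name to (family, update); None for non-JRE entries."""
    for pattern in JRE_NAME_PATTERNS:
        m = pattern.match(display_name)
        if m:
            return int(m.group("family")), int(m.group("update"))
    return None


def outdated_jres(log_text: str, current: Tuple[int, int] = CURRENT_JRE) -> List[str]:
    """Display names of every JRE install older than `current`, oldest first."""
    found = []
    for name in parse_uninstall_list(log_text).values():
        version = jre_version(name)
        if version is not None and version < current:
            found.append((version, name))
    return [name for _, name in sorted(found)]


# Constructed test input: an excerpt of the OTL Extras log posted in the thread,
# with a few non-JRE lines and a neighbouring section kept to show they are ignored.
SAMPLE_LOG = """\
========== Authorized Applications List ==========
"C:\\Programme\\Skype\\Phone\\Skype.exe" = C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"AskPBar Uninstall" = Ask Toolbar
========== Last 10 Event Log Errors ==========
"""

if __name__ == "__main__":
    for name in outdated_jres(SAMPLE_LOG):
        print("outdated JRE still installed:", name)
```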

16.11.2009, 23:16   #23
Inuschka

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Thanks, the computer is running fine so far

GMER result

Code:
GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-16 23:03:51
Windows 5.1.2600 Service Pack 3
Running: mjp2vgv5.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\ufliypoc.sys


---- Modules - GMER 1.0.15 ----

Module   PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                                                         F762E000-F763A000 (49152 bytes)
Module   timntr.sys (TrueImage Backup Archive Explorer/Acronis)                                                                                                                             F72CD000-F72FF000 (204800 bytes)
Module   srescan.sys                                                                                                                                                                        F72B9000-F72CD000 (81920 bytes)
Module   snapman.sys (Acronis Snapshot API/Acronis)                                                                                                                                         F72A5000-F72B9000 (81920 bytes)
Module   \SystemRoot\system32\DRIVERS\ialmnt5.sys (Intel Graphics Miniport Driver/Intel Corporation)                                                                                        F6B58000-F6C59000 (1052672 bytes)
Module   \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider)                                                            F6B1C000-F6B44000 (163840 bytes)
Module   \SystemRoot\system32\drivers\ti21sony.sys (ti21sony.sys/Texas Instruments)                                                                                                         F6AC2000-F6AF8000 (221184 bytes)
Module   \SystemRoot\system32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation)                                                                             F6A9C000-F6AC2000 (155648 bytes)
Module   \SystemRoot\system32\DRIVERS\w29n51.sys (Intel® Wireless LAN Driver/Intel® Corporation)                                                                                            F677A000-F6A9C000 (3284992 bytes)
Module   \SystemRoot\system32\DRIVERS\SonyPI.sys (Sony Programmable I/O Control Device/Sony Corporation)                                                                                    F76BE000-F76C7000 (36864 bytes)
Module   \SystemRoot\System32\Drivers\SonyNC.sys (Sony Notebook Control driver/Sony Corporation)                                                                                            F78C6000-F78CC000 (24576 bytes)
Module   \SystemRoot\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.)                                                                                           F6760000-F677A000 (106496 bytes)
Module   \SystemRoot\System32\Drivers\tosrfcom.sys (Bluetooth RFCOMM Driver/TOSHIBA Corporation)                                                                                            F770E000-F771E000 (65536 bytes)
Module   \SystemRoot\system32\DRIVERS\dne2000.sys (Deterministic Network Enhancer/Deterministic Networks, Inc.)                                                                             F6722000-F673D000 (110592 bytes)
Module   \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                                             F78E6000-F78EB000 (20480 bytes)
Module   \SystemRoot\system32\DRIVERS\tosporte.sys (TOSHIBA Bluetooth Port Emulation Driver/TOSHIBA Corporation)                                                                            F777E000-F778A000 (49152 bytes)
Module   \SystemRoot\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.)                                                           AAC75000-AAF98000 (3289088 bytes)
Module   \SystemRoot\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.)                                                                                            AAC1F000-AAC51000 (204800 bytes)
Module   \SystemRoot\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.)                                                                                                    AAB2B000-AAC1F000 (999424 bytes)
Module   \SystemRoot\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.)                                                                                                 AAA7A000-AAB2B000 (724992 bytes)
Module   \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter/Kaspersky Lab)                                                                                                             AAA2F000-AAA52000 (143360 bytes)
Module   \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                        AA91B000-AA97B000 (393216 bytes)
Module   \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                                         F792E000-F7934000 (24576 bytes)
Module   \SystemRoot\system32\DRIVERS\DMICall.sys (Windows 2000 DMI Call Kernel Driver/Sony Corporation)                                                                                    F7C24000-F7C25000 (4096 bytes)
Module   \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                                            AA77C000-AA798000 (114688 bytes)
Module   \??\C:\Programme\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                                 F7AF6000-F7AF8000 (8192 bytes)
Module   \SystemRoot\System32\Drivers\tosrfusb.sys (Bluetooth USB Miniport Driver/TOSHIBA CORPORATION)                                                                                      F767E000-F7687000 (36864 bytes)
Module   \SystemRoot\System32\Drivers\tosrfbd.sys (Bluetooth RF Bus Driver/TOSHIBA CORPORATION)                                                                                             AA739000-AA754000 (110592 bytes)
Module   \SystemRoot\system32\DRIVERS\Tosrfhid.sys (Bluetooth HID Driver from TOSHIBA/TOSHIBA Corporation.)                                                                                 F768E000-F769E000 (65536 bytes)
Module   \SystemRoot\System32\Drivers\tosrfbnp.sys (Bluetooth RFBNEP Driver/TOSHIBA Corporation)                                                                                            F769E000-F76A7000 (36864 bytes)
Module   \SystemRoot\system32\DRIVERS\tosrfnds.sys (Bluetooth BNEP Driver/TOSHIBA Corporation.)                                                                                             F7956000-F795B000 (20480 bytes)
Module   \SystemRoot\System32\ialmdnt5.dll (Controller Hub for Intel Graphics Driver/Intel Corporation)                                                                                     BF9E4000-BFA05000 (135168 bytes)
Module   \SystemRoot\System32\ialmrnt5.dll (Controller Hub for Intel Graphics Driver/Intel Corporation)                                                                                     BF9D6000-BF9E4000 (57344 bytes)
Module   \SystemRoot\System32\ialmdev5.DLL (Component GHAL Driver/Intel Corporation)                                                                                                        BFA05000-BFA39000 (212992 bytes)
Module   \SystemRoot\System32\ialmdd5.DLL (DirectDraw(R) Driver for Intel(R) Graphics Technology/Intel Corporation)                                                                         BFA39000-BFB1B000 (925696 bytes)
Module   \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated)                                                                                 BFFA0000-BFFE6000 (286720 bytes)
Module   \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                                     AA531000-AA545000 (81920 bytes)
Module   \SystemRoot\system32\DRIVERS\tifsfilt.sys (TrueImage File System Filter/Acronis)                                                                                                   F7996000-F799D000 (28672 bytes)
Module   \SystemRoot\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications)                                                                             AA569000-AA56D000 (16384 bytes)
Module   \SystemRoot\system32\DRIVERS\s24trans.sys (Intel WLAN Packet Driver/Intel Corporation)                                                                                             AA565000-AA568000 (12288 bytes)
Module   \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems VPN Client IPSec Driver/Cisco Systems, Inc.)                                                                           A9F14000-A9F99000 (544768 bytes)
Module   \??\C:\WINDOWS\system32\drivers\hardlock.sys (Hardlock Device Driver for Windows NT/Aladdin Knowledge Systems Ltd.)                                                                A9E6A000-A9F14000 (696320 bytes)
Module   \SystemRoot\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant)                                                                                                    AA141000-AA145000 (16384 bytes)
Module   \??\C:\DOKUME~1\xxx\LOKALE~1\Temp\ufliypoc.sys (GMER)                                                                                                                             A8FB3000-A8FCA000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process  C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                                    460
Library  c:\windows\system32\uxtuneup.dll (TuneUp Designerweiterung/TuneUp Software GmbH)                                                                                                   0x55580000

Process  C:\Programme\Intel\Wireless\Bin\EvtEng.exe (EvtEng Module/Intel Corporation)                                                                                                       500
Library  C:\Programme\Intel\Wireless\Bin\EvtEng.exe (EvtEng Module/Intel Corporation)                                                                                                       0x00400000
Library  C:\Programme\Intel\Wireless\Bin\PsRegApi.dll (PsRegApi/Intel Corporation)                                                                                                          0x10000000
Library  C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL (TraceAPI Module/Intel Corporation)                                                                                                   0x00330000

Process  C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Event Monitor - Supports driver extensions to  NIC Driver for wireless adapters./Intel Corporation )                                 580
Library  C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Event Monitor - Supports driver extensions to  NIC Driver for wireless adapters./Intel Corporation )                                 0x00400000
Library  C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL (TraceAPI Module/Intel Corporation)                                                                                                   0x10000000
Library  C:\Programme\Intel\Wireless\Bin\PsRegApi.dll (PsRegApi/Intel Corporation)                                                                                                          0x00330000

Process  C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)                                                                                                                   752
Library  C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.)                                                                                      0x10000000
Library  C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll (zlavscan shell extension/Zone Labs, LLC)                                                                                            0x00960000
Library  C:\Programme\Zone Labs\ZoneAlarm\zlavscan_Loc0407.dll                                                                                                                              0x00970000
Library  C:\Programme\WinRAR\rarext.dll                                                                                                                                                     0x00BE0000
Library  C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll (TuneUp Shredder Shellerweiterung/TuneUp Software GmbH)                                                                      0x00980000
Library  C:\Programme\Avira\AntiVir Desktop\shlext.dll (AntiVirus context menu/Avira GmbH)                                                                                                  0x00EE0000

Process  C:\Dokumente und Einstellungen\xxx\Desktop\mjp2vgv5.exe                                                                                                                           792
Library  C:\Dokumente und Einstellungen\xxx\Desktop\mjp2vgv5.exe                                                                                                                           0x00400000

Process  C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe                                                                                                           860
Library  C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe                                                                                                           0x00400000
Library  C:\Programme\Adobe\Photoshop Elements 4.0\platform.dll (Adobe Platform/Adobe Systems, Inc.)                                                                                        0x10000000

Process  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                            896
Library  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                            0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH)                                                                                                          0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH)                                                                                            0x00C20000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                                     0x00C40000
Library  C:\Programme\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH)                                                                                                              0x00DB0000
Library  C:\Programme\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH)                                                                                                                0x00DD0000
Library  C:\Programme\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH)                                                                                                   0x011F0000
Library  C:\Programme\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                       0x01320000
Library  C:\Programme\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                        0x01360000
Library  C:\Programme\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                     0x01390000
Library  C:\Programme\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                        0x01430000
Library  C:\Programme\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                        0x01460000
Library  C:\Programme\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                       0x014F0000
Library  C:\Programme\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software)                                                                               0x01570000
Library  C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                     0x015D0000
Library  C:\Programme\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                       0x01620000
Library  C:\Programme\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                       0x01830000
Library  C:\Programme\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                        0x01880000
Library  C:\Programme\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                        0x018F0000
Library  C:\Programme\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                         0x01970000
Library  C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                        0x01990000

Process  C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk)                                                                      920
Library  C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk)                                                                      0x00400000

Process  C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems VPN Client/Cisco Systems, Inc.)                                                                                     944
Library  C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems VPN Client/Cisco Systems, Inc.)                                                                                     0x00400000
Library  C:\WINDOWS\system32\vsdata.dll (TrueVector Service DLL/Zone Labs, LLC)                                                                                                             0x10000000
Library  C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                 0x00EE0000
Library  C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                                         0x013B0000
Library  C:\WINDOWS\system32\vspubapi.dll (TrueVector Service/Zone Labs, LLC)                                                                                                               0x01320000
Library  C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                 0x013C0000
Library  C:\WINDOWS\system32\vsmonapi.dll (TrueVector Client Interface/Zone Labs, LLC)                                                                                                      0x01370000
Library  C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC)                                                                                              0x01650000
Library  C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                  0x01670000
Library  C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC)                                                                                                                             0x01690000
Library  C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC)                                                                                                                         0x013A0000

Process  C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (RegSrvc Module/Intel Corporation)                                                                                                     1060
Library  C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (RegSrvc Module/Intel Corporation)                                                                                                     0x00400000

Process  C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe                                                                                              1236
Library  C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe                                                                                              0x00400000

Process  C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation)                                                                                                      1336
Library  C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation)                                                                                                 0x00980000
Library  C:\WINDOWS\system32\pdfcmnnt.dll (redmonnt EE (Extended Edition)/internet-support foehr.com)                                                                                       0x10000000
Library  C:\WINDOWS\system32\tbtmon.dll (tbtmon98/Toshiba America Business Solutions, Inc.)                                                                                                 0x00CC0000
Library  C:\WINDOWS\system32\TosBtHcrpAPI.dll                                                                                                                                               0x00CF0000
Library  C:\WINDOWS\system32\TosBtAPI.dll (TosBtAPI/TOSHIBA CORPORATION.)                                                                                                                   0x00D10000
Library  C:\WINDOWS\system32\TosBdAPI.dll (TosBdAPI/TOSHIBA CORPORATION.)                                                                                                                   0x00D70000
Library  C:\WINDOWS\system32\tbtmon98Language.dll (tbtmon98Language/TOSHIBA CORPORATION.)                                                                                                   0x009A0000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation)                                                                           0x00E20000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation)                                                          0x3F420000
         

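The GMER output above lists every loaded driver, process and library together with the description and vendor string that GMER reads from the file's version resource; entries with no parenthesised text carry no such information, which is why the helper asks for a second run with "Only non MS files" to narrow the review. The following Python script is an added example for this thread, not part of the original posts and not a GMER or Trojaner-Board tool: it parses lines in the Module/Process/Library format shown here, splits the description from the vendor at the last "/" (an assumption about GMER's layout based on the lines above), links each Library to the Process it was loaded into, and reports the entries that have no version information at all as the ones to look at first. The sample log is a constructed excerpt taken from the lines in this post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt of a GMER log, copied from lines in this thread (not a full log).
SAMPLE_LOG = r"""GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-16 23:03:51
Windows 5.1.2600 Service Pack 3

---- Modules - GMER 1.0.15 ----

Module   srescan.sys                                                                 F72B9000-F72CD000 (81920 bytes)
Module   \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter/Kaspersky Lab)       AAA2F000-AAA52000 (143360 bytes)
Module   \SystemRoot\system32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation)  F6A9C000-F6AC2000 (155648 bytes)
Module   \??\C:\DOKUME~1\xxx\LOKALE~1\Temp\ufliypoc.sys (GMER)                        A8FB3000-A8FCA000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process  C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)            752
Library  C:\Programme\WinRAR\rarext.dll                                              0x00BE0000
Library  C:\Programme\Avira\AntiVir Desktop\shlext.dll (AntiVirus context menu/Avira GmbH)  0x00EE0000
Process  C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Event Monitor - Supports driver extensions to  NIC Driver for wireless adapters./Intel Corporation )   580
"""


@dataclass
class GmerEntry:
    kind: str                  # "Module", "Process" or "Library"
    path: str                  # file path as printed by GMER
    description: Optional[str] # version-resource description, None if the file has none
    vendor: Optional[str]      # company name after the last "/" in the description
    address: str               # load range, base address or process id
    size: Optional[int]        # module size in bytes (Module lines only)
    parent: Optional[str]      # for Library lines: the Process it was loaded into


# Only the three record types that appear in the Modules/Processes sections are handled.
LINE_RE = re.compile(r"^(?P<kind>Module|Process|Library)\s+(?P<rest>.*\S)\s*$")
# Trailing column: hex range, 0x base address or decimal pid, optionally "(N bytes)".
TAIL_RE = re.compile(
    r"\s+(?P<addr>(?:0x)?[0-9A-Fa-f]+(?:-[0-9A-Fa-f]+)?)(?:\s+\((?P<size>\d+) bytes\))?\s*$"
)


def parse_line(raw: str, current_process: Optional[str]) -> Optional[GmerEntry]:
    m = LINE_RE.match(raw)
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    tail = TAIL_RE.search(rest)
    if not tail:
        return None
    body = rest[: tail.start()].rstrip()
    description = vendor = None
    if body.endswith(")"):
        # Walk back to the "(" that matches the final ")" so nested parentheses
        # such as "Intel(R)" inside the description are handled correctly.
        depth = 0
        for i in range(len(body) - 1, -1, -1):
            if body[i] == ")":
                depth += 1
            elif body[i] == "(":
                depth -= 1
                if depth == 0:
                    break
        else:
            i = len(body)  # unbalanced parentheses: keep the whole body as the path
        if i < len(body):
            description = body[i + 1:-1].strip()
            body = body[:i].rstrip()
            if "/" in description:  # assumption: GMER prints "description/vendor"
                description, _, vendor = description.rpartition("/")
                description, vendor = description.strip(), vendor.strip()
    size = tail.group("size")
    return GmerEntry(kind, body, description, vendor, tail.group("addr"),
                     int(size) if size else None,
                     current_process if kind == "Library" else None)


def parse_gmer(text: str) -> List[GmerEntry]:
    """Parse Module/Process/Library lines; header and section lines are skipped."""
    entries: List[GmerEntry] = []
    current_process: Optional[str] = None
    for raw in text.splitlines():
        entry = parse_line(raw, current_process)
        if entry is None:
            continue
        if entry.kind == "Process":
            current_process = entry.path
        entries.append(entry)
    return entries


def unattributed(entries: List[GmerEntry]) -> List[GmerEntry]:
    """Entries whose file carries no version information at all."""
    return [e for e in entries if e.description is None]


def non_microsoft(entries: List[GmerEntry]) -> List[GmerEntry]:
    """Roughly what GMER's "Only non MS files" view keeps."""
    return [e for e in entries if e.vendor is None or "microsoft" not in e.vendor.lower()]


def triage_report(text: str) -> List[str]:
    """Files without version information, with the process they were loaded into."""
    lines = []
    for e in unattributed(parse_gmer(text)):
        where = f" loaded in {e.parent}" if e.parent else ""
        lines.append(f"{e.kind}: {e.path}{where}")
    return lines


if __name__ == "__main__":
    for line in triage_report(SAMPLE_LOG):
        print(line)
```

A missing description is not proof of anything; plenty of legitimate drivers ship without version resources (srescan.sys above belongs to ZoneAlarm, as an earlier post in this thread shows). The point of the filter is to shrink a log of several hundred lines to the handful of files worth checking against their publisher, a hash lookup or a signature verification before deciding anything.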
Old 16.11.2009, 23:18   #24
Inuschka

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



second part
Code:
Process  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                                      1392
Library  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                                      0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH)                                                                                            0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH)                                                                                                          0x00B80000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                                     0x00CD0000

Process  C:\Programme\Apoint\Apoint.exe (Alps Pointing-device Driver/Alps Electric Co., Ltd.)                                                                                               1640
Library  C:\Programme\Apoint\Apoint.exe (Alps Pointing-device Driver/Alps Electric Co., Ltd.)                                                                                               0x00400000
Library  C:\WINDOWS\system32\VXDIF.DLL (Vxdif/Alps Electric Co., Ltd.)                                                                                                                      0x10000000
Library  C:\Programme\Apoint\ApWheel.dll (Apoint Wheel Support Library/ALPS ELECTRIC CO., LTD.)                                                                                             0x00920000
Library  C:\Programme\Apoint\Apoint.DLL (Alps Pointing-device Driver/Alps Electric Co., Ltd.)                                                                                               0x009F0000
Library  C:\Programme\Apoint\ApRes.dll (Alps Pointing-device Driver/Alps Electric Co., Ltd.)                                                                                                0x010A0000
Library  C:\Programme\Apoint\EzAuto.dll (Alps pointing device extension/Alps Electric Co., Ltd.)                                                                                            0x00A20000
Library  C:\Programme\Apoint\EzLaunch.DLL (Easy Launcher/Alps Electric Co., Ltd.)                                                                                                           0x01000000

Process  C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation)                                                                                                            1656
Library  C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation)                                                                                                            0x00400000
Library  C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                               0x10000000

Process  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                                         1752
Library  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                                         0x00400000
Library  C:\PROGRA~1\GEMEIN~1\SYSTEM\MSMAPI\1031\MSMAPI32.DLL (Extended MAPI 1.0 for Windows NT/Microsoft Corporation)                                                                      0x35F70000

Process  C:\WINDOWS\system32\igfxext.exe (igfxext Module/Intel Corporation)                                                                                                                 1760
Library  C:\WINDOWS\system32\igfxext.exe (igfxext Module/Intel Corporation)                                                                                                                 0x00400000
Library  C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                               0x10000000
Library  C:\WINDOWS\system32\IGFXEXPS.DLL (igfxext Module/Intel Corporation)                                                                                                                0x00FD0000

Process  C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation)                                                                                                               1800
Library  C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation)                                                                                                               0x00400000
Library  C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                               0x10000000
Library  C:\WINDOWS\system32\igfxdev.dll (igfxdev Module/Intel Corporation)                                                                                                                 0x00FD0000

Process  C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation)                                                                                                               1872
Library  C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation)                                                                                                               0x00400000
Library  C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation)                                                                                                               0x10000000
Library  C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                               0x00920000
Library  C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation)                                                                                                                 0x00F20000
Library  C:\WINDOWS\system32\igfxress.dll (igfxress Module/Intel Corporation)                                                                                                               0x010A0000

Process  C:\Programme\Sony\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation)                                                                             1880
Library  C:\Programme\Sony\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation)                                                                             0x00400000
Library  C:\Programme\Sony\VAIO Event Service\VESSuEvent.dll (VAIO Event Service (SnyUtils Event Module)/Sony Corporation)                                                                  0x10000000
Library  C:\Programme\Sony\VAIO Event Service\VESBasePS.dll                                                                                                                                 0x00920000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation)                                                                            0x00930000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation)                                                                                        0x00F10000
Library  C:\Programme\Sony\VAIO Event Service\VESWndMsg.dll (VAIO Event Service (WndMsg Module)/Sony Corporation)                                                                           0x00F50000
Library  C:\Programme\Sony\VAIO Event Service\VESWndMsgHook.dll (VAIO Event Service (Hook Module for VESWndMsg)/Sony Corporation)                                                           0x00F90000
Library  C:\Programme\Sony\VAIO Event Service\VESTransform.dll (VAIO Event Service (Transform Module)/Sony Corporation)                                                                     0x00FB0000
Library  C:\Programme\Sony\VAIO Event Service\VESHardwareMixer.dll (VAIO Event Service (Hardware Mixer Module)/Sony Corporation)                                                            0x01600000
Library  C:\Programme\Sony\VAIO Power Management\VESPowerMgr.dll (VAIO Event Service (Power Management Module)/Sony Corporation)                                                            0x01770000
Library  C:\Programme\Sony\VAIO Event Service\VESSemiPnP.dll (VAIO Event Service (Plug and Display Function Module)/Sony Corporation)                                                       0x01D00000
Library  C:\Programme\Sony\VAIO Event Service\VESSuPerform.dll (VAIO Event Service (SnyUtils Perform Module)/Sony Corporation)                                                              0x01D20000
Library  C:\Programme\Sony\VAIO Event Service\VESVideo.dll (VAIO Event Service(Video Module)/Sony Corporation)                                                                              0x01D40000
Library  C:\Programme\Sony\VAIO Event Service\VESPerform.dll (VAIO Event Service (Common Perform Module)/Sony Corporation)                                                                  0x01D60000
Library  C:\Programme\Sony\AV Mode Button Utility\VESAVModeButton.dll (VAIO Event Service(AVModeButton Module)/Sony Corporation)                                                            0x01D90000
Library  C:\Programme\Sony\VAIO Event Service\VESFnLock.dll (VAIO Event Service (Fn Lock Module)/Sony Corporation)                                                                          0x01DB0000
Library  C:\Programme\Sony\VAIO Event Service\VESHKWndCommon.dll (VAIO Event Service (Hotkey UI Module)/Sony Corporation)                                                                   0x01DE0000
Library  C:\WINDOWS\system32\IGFXEXPS.DLL (igfxext Module/Intel Corporation)                                                                                                                0x02050000

Process  C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation)                                                                                                                     1908
Library  C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation)                                                                                                                     0x00400000
Library  C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation)                                                                                                               0x10000000
Library  C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                               0x00ED0000
Library  C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation)                                                                                                                 0x00EF0000

Process  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (VAIO Entertainment UPnP Client Adapter/Sony Corporation)                                    1916
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (VAIO Entertainment UPnP Client Adapter/Sony Corporation)                                    0x00400000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\sonyuppc.dll (Sony UPnP Client Library/Sony Corporation)                                              0x10000000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\UPnPCtrl.dll (Sony UPnPCtrl Library/Sony Corporation)                                                 0x00330000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSWEXEps.dll (VAIO Entertainment UPnP Client Adapter Proxy/Sony Corporation)                         0x00E00000

Process  C:\Programme\Java\jre6\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.)                                                                                        1940
Library  C:\Programme\Java\jre6\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.)                                                                                        0x00400000

Process  C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation)                                                                                                      1976
Library  C:\WINDOWS\system32\VESWinlogon.dll (VAIO Event Service (Winlogon Notification Module)/Sony Corporation)                                                                           0x10000000

Process  C:\WINDOWS\system32\ICO.EXE (Mouse Suite 98 Daemon/Primax Electronics Ltd.)                                                                                                        2136
Library  C:\WINDOWS\system32\ICO.EXE (Mouse Suite 98 Daemon/Primax Electronics Ltd.)                                                                                                        0x00400000

Process  C:\Programme\Sony\VAIO Power Management\SPMgr.exe (SPM Module/Sony Corporation)                                                                                                    2168
Library  C:\Programme\Sony\VAIO Power Management\SPMgr.exe (SPM Module/Sony Corporation)                                                                                                    0x00400000
Library  C:\Programme\Sony\VAIO Power Management\SPMDAM.dll (SPM Data Access Manager/Sony Corporation)                                                                                      0x10000000
Library  C:\Programme\Sony\VAIO Power Management\SPMRes.dll (SPM Module/Sony Corporation)                                                                                                   0x00940000
Library  C:\Programme\Sony\VAIO Power Management\SPMDrv.dll (SPM driver/Sony Corporation)                                                                                                   0x00AF0000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation)                                                                            0x00B10000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation)                                                                                        0x00B30000

Process  C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)                                                                                                                        2184
Library  C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)                                                                                                                        0x00400000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\Sony Utilities\SnyUtils.dll (SnyUtils.DLL/Sony Corporation)                                                                            0x10000000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\SXBIOS\sxbios.dll (SxBios DLL/Sony Corporation)                                                                                        0x00900000
Library  C:\Programme\Sony\ISB Utility\ISBRes.dll (Sony Corporation)                                                                                                                        0x00C50000

Process  C:\Programme\Mindjet\MindManager 6\MMReminderService.exe (MindManager Reminder Services/Mindjet)                                                                                   2260
Library  C:\Programme\Mindjet\MindManager 6\MMReminderService.exe (MindManager Reminder Services/Mindjet)                                                                                   0x00400000
Library  C:\Programme\Mindjet\MindManager 6\MmServiceUtilities.dll (Service Utility Library/Mindjet)                                                                                        0x10000000
Library  C:\Programme\Mindjet\MindManager 6\MmUtilities.dll (Utility Library/Mindjet)                                                                                                       0x00340000
Library  C:\Programme\Mindjet\MindManager 6\VIC32.DLL (Victor 32-bit Library/Catenary Systems)                                                                                              0x60C90000
Library  C:\Programme\Mindjet\MindManager 6\BCGCBPRO730u.dll (BCGControlBar Professional DLL for MindManager/BCGSoft Ltd / Mindjet LLC)                                                     0x00410000

Process  C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (ZoneAlarm Client/Zone Labs, LLC)                                                                                                    2280
Library  C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (ZoneAlarm Client/Zone Labs, LLC)                                                                                                    0x00400000
Library  C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                 0x10000000
Library  C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                 0x00340000
Library  C:\WINDOWS\system32\VSPUBAPI.dll (TrueVector Service/Zone Labs, LLC)                                                                                                               0x00370000
Library  C:\Programme\Zone Labs\ZoneAlarm\framewrk.dll (ZoneAlarm Framework Module/Zone Labs, LLC)                                                                                          0x004E0000
Library  C:\WINDOWS\system32\zpeng24.dll (Python Core/Python Software Foundation)                                                                                                           0x1E000000
Library  C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                                         0x00F10000
Library  C:\Programme\Zone Labs\ZoneAlarm\framewrk_Loc0407.dll (ZoneAlarm Framework Module/Zone Labs Inc.)                                                                                  0x00F30000
Library  C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC)                                                                                              0x010B0000
Library  C:\WINDOWS\system32\vsdata.dll (TrueVector Service DLL/Zone Labs, LLC)                                                                                                             0x010D0000
Library  C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                  0x01100000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd                                                                                                                                      0x01420000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd                                                                                                                                   0x1D100000
Library  C:\Programme\Zone Labs\ZoneAlarm\zlclient_Loc0407.dll (ZoneAlarm/Zone Labs Inc.)                                                                                                   0x01450000
Library  C:\WINDOWS\system32\vsmonapi.dll (TrueVector Client Interface/Zone Labs, LLC)                                                                                                      0x01710000
Library  C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC)                                                                                                                             0x01740000
Library  C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC)                                                                                                                         0x01760000
Library  C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC)                                                                                              0x01780000
Library  C:\Programme\Zone Labs\ZoneAlarm\alert.zap (Alerts Plugin Module/Zone Labs, LLC)                                                                                                   0x60000000
Library  C:\Programme\Zone Labs\ZoneAlarm\alert_Loc0407.zap (Alerts Plugin Module/Zone Labs
         

16.11.2009, 23:19   #25
Inuschka

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

third part
Code:
Library  C:\Programme\Zone Labs\ZoneAlarm\cam.zap (Anti-Virus Monitoring Module/Zone Labs, LLC)                                                                                             0x017F0000
Library  C:\Programme\Zone Labs\ZoneAlarm\cam_Loc0407.zap (Anti-virus-Überwachungsmodul/Zone Labs Inc.)                                                                                     0x01810000
Library  C:\Programme\Zone Labs\ZoneAlarm\email.zap (Email Plugin Module/Zone Labs, LLC)                                                                                                    0x01820000
Library  C:\Programme\Zone Labs\ZoneAlarm\email_Loc0407.zap (Email Plugin Module/Zone Labs Inc.)                                                                                            0x01840000
Library  C:\Programme\Zone Labs\ZoneAlarm\filter.zap (Filter Plugin Module/Zone Labs, LLC)                                                                                                  0x01850000
Library  C:\Programme\Zone Labs\ZoneAlarm\filter_Loc0407.zap (Filter Plugin Module/Zone Labs Inc.)                                                                                          0x01860000
Library  C:\Programme\Zone Labs\ZoneAlarm\firewall.zap (Firewall Plugin Module/Zone Labs, LLC)                                                                                              0x01870000
Library  C:\Programme\Zone Labs\ZoneAlarm\firewall_Loc0407.zap (Firewall Plugin Module/Zone Labs Inc.)                                                                                      0x018A0000
Library  C:\Programme\Zone Labs\ZoneAlarm\idlock.zap (ZoneAlarmPro/Zone Labs, LLC)                                                                                                          0x018B0000
Library  C:\Programme\Zone Labs\ZoneAlarm\idlock_Loc0407.zap (ZoneAlarmPro/Zone Labs Inc.)                                                                                                  0x018F0000
Library  C:\Programme\Zone Labs\ZoneAlarm\privacy.zap (Privacy Plugin Module/Zone Labs, LLC)                                                                                                0x01910000
Library  C:\Programme\Zone Labs\ZoneAlarm\privacy_Loc0407.zap (Privacy Plugin Module/Zone Labs Inc.)                                                                                        0x01940000
Library  C:\Programme\Zone Labs\ZoneAlarm\programs.zap (Programs Plugin Module/Zone Labs, LLC)                                                                                              0x01950000
Library  C:\Programme\Zone Labs\ZoneAlarm\programs_Loc0407.zap (Programs Plugin Module/Zone Labs Inc.)                                                                                      0x019A0000
Library  C:\WINDOWS\system32\ZoneLabs\av.dll (av feature plug-in/Zone Labs, LLC)                                                                                                            0x01A60000
Library  C:\WINDOWS\system32\ZoneLabs\av_Loc0407.dll (av feature plug-in/Zone Labs Inc.)                                                                                                    0x01AC0000
Library  C:\Programme\Zone Labs\ZoneAlarm\security.zap (Overview Plugin Module/Zone Labs, LLC)                                                                                              0x019D0000
Library  C:\Programme\Zone Labs\ZoneAlarm\security_Loc0407.zap (Overview Plugin Module/Zone Labs Inc.)                                                                                      0x01AD0000
Library  C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC)                                                                                                    0x01B20000

Process  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                               2320
Library  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                               0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH)                                                                                  0x10000000
Library  c:\programme\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH)                                                                                            0x00B00000
Library  c:\programme\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH)                                                                                0x00B90000
Library  c:\programme\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH)                                                                                            0x00BB0000
Library  c:\programme\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH)                                                                                  0x00C10000
Library  c:\programme\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                        0x00C30000
Library  c:\programme\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH)                                                                                         0x00C60000
Library  c:\programme\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH)                                                                                0x00CB0000
Library  c:\programme\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH)                                                                                            0x00CD0000
Library  c:\programme\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH)                                                                                0x00E30000
Library  c:\programme\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH)                                                                                            0x00E50000

Process  C:\Programme\Multimedia Mouse Driver\MouseDrv.exe                                                                                                                                  2428
Library  C:\Programme\Multimedia Mouse Driver\MouseDrv.exe                                                                                                                                  0x00400000
Library  C:\Programme\Multimedia Mouse Driver\MouseHook.dll                                                                                                                                 0x10000000

Process  C:\Programme\Apoint\Apntex.exe (Alps Pointing-device Driver for Windows NT/2000/XP/Alps Electric Co., Ltd.)                                                                        2444
Library  C:\Programme\Apoint\Apntex.exe (Alps Pointing-device Driver for Windows NT/2000/XP/Alps Electric Co., Ltd.)                                                                        0x00400000
Library  C:\WINDOWS\system32\VXDIF.DLL (Vxdif/Alps Electric Co., Ltd.)                                                                                                                      0x10000000

Process  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (VAIO Entertainment Database Service/Sony Corporation)                                  2516
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (VAIO Entertainment Database Service/Sony Corporation)                                  0x00400000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbVcds.dll (Remote Database Adaptor/Sony Corporation)                                             0x10000000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSsDB.dll (SonicStage Database Adaptor/Sony Corporation)                                         0x00640000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbLocalDB.dll (Local Database Adaptor/Sony Corporation)                                           0x00680000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSWEXEps.dll (VAIO Entertainment UPnP Client Adapter Proxy/Sony Corporation)                         0x00DB0000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvcps.dll (VAIO Entertainment Database Service Proxy/Sony Corporation)                          0x00DE0000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\Avlib\Metallic.dll (Metallic Database Library/Sony Corporation)                                                                        0x01230000
Library  C:\WINDOWS\system32\msjetoledb40.dll                                                                                                                                               0x1B570000

Process  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (VAIO Entertainment File Import Service/Sony Corporation)                                   2672
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (VAIO Entertainment File Import Service/Sony Corporation)                                   0x00400000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFwImport.dll (VAIO Entertainment File Importer/Sony Corporation)                                   0x10000000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdb.dll (VAIO Entertainment Common Database/Sony Corporation)                                      0x00E70000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvcps.dll (VAIO Entertainment Database Service Proxy/Sony Corporation)                          0x00F90000
Library  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCs.dll (VzCs Manager/Sony Corporation)                                                             0x00FA0000

Process  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                         3540
Library  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                         0x00400000
Library  C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                 0x10000000
Library  C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                 0x00330000
Library  C:\WINDOWS\system32\zpeng24.dll (Python Core/Python Software Foundation)                                                                                                           0x1E000000
Library  C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                                         0x003F0000
Library  C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd                                                                                                                                 0x01000000
Library  C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd                                                                                                                                  0x01010000
Library  C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd                                                                                                                                   0x1D100000
Library  C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd                                                                                                                                   0x1E1D0000
Library  C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll (vsmon plug-in/Zone Labs, LLC)                                                                                  0x01020000
Library  C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll (RPC Server plug-in/Zone Labs, LLC)                                                                                 0x01030000
Library  C:\WINDOWS\system32\ZoneLabs\vsmondll.dll (TrueVector Service/Zone Labs, LLC)                                                                                                      0x01240000
Library  C:\WINDOWS\system32\VSDATA.dll (TrueVector Service DLL/Zone Labs, LLC)                                                                                                             0x01450000
Library  C:\WINDOWS\system32\ZoneLabs\ssleay32.dll (TrueVector Service/Zone Labs, LLC)                                                                                                      0x01470000
Library  C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC)                                                                                                                  0x01650000
Library  C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC)                                                                                              0x01790000
Library  C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC)                                                                                                                             0x017B0000
Library  C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC)                                                                                                                         0x017D0000
Library  C:\WINDOWS\system32\ZoneLabs\vsdb.dll (TrueVector Service/Zone Labs, LLC)                                                                                                          0x017F0000
Library  C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL (TrueVector Service/Zone Labs, LLC)                                                                                                      0x01A10000
Library  C:\WINDOWS\system32\ZoneLabs\VSRULEDB_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                              0x01B60000
Library  C:\WINDOWS\system32\ZoneLabs\vsvault.dll (TrueVector Service/Zone Labs, LLC)                                                                                                       0x02190000
Library  C:\WINDOWS\system32\vswmi.dll (vsmon component/Zone Labs, LLC)                                                                                                                     0x025D0000
Library  C:\WINDOWS\system32\ZoneLabs\av.dll (av feature plug-in/Zone Labs, LLC)                                                                                                            0x025F0000
Library  C:\WINDOWS\system32\ZoneLabs\av_Loc0407.dll (av feature plug-in/Zone Labs Inc.)                                                                                                    0x02650000
Library  C:\WINDOWS\system32\ZoneLabs\imsecure.dll (TrueVector Service/Zone Labs, LLC)                                                                                                      0x02660000
Library  C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll (zlquarantine/Zone Labs, LLC)                                                                                                        0x026B0000
Library  C:\WINDOWS\system32\ZoneLabs\zlquarantine_Loc0407.dll (zlquarantine/Zone Labs Inc.)                                                                                                0x02790000
Library  C:\WINDOWS\system32\ZoneLabs\qrbase.dll (qrbase/Zone Labs, LLC)                                                                                                                    0x035E0000
Library  C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC)                                                                                              0x027A0000
Library  C:\WINDOWS\system32\ZoneLabs\zlsre.dll (zlsre/Zone Labs, LLC)                                                                                                                      0x037E0000
Library  C:\WINDOWS\system32\ZoneLabs\zlsre_Loc0407.dll (zlsre/Zone Labs Inc.)                                                                                                              0x027D0000
Library  C:\WINDOWS\system32\ZoneLabs\srescan.dll (srescan/Zone Labs, LLC)                                                                                                                  0x03BE0000
Library  C:\WINDOWS\system32\ZoneLabs\zlupdate.dll (ZLUpdate feature plug-in/Zone Labs, LLC)                                                                                                0x027E0000
Library  C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll (httpBlocker plug-in/Zone Labs, LLC)                                                                            0x03690000
Library  C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll                                                                                                                                            0x03E50000
Library  C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll (ZoneAlarm IMsecure components for securing MSN/AIM-OSCAR/YIM protocols/Zone Labs, LLC)                                   0x03F20000
Library  C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC)                                                                                                    0x022E0000
         

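The GMER "Process"/"Library" listing above is long and hand-reading it for oddities is error-prone. The following is an added triage helper, not code from the original post or from GMER: it parses that record layout (path, optional parenthesised description, vendor after the last slash, then PID or base address), and flags two things a responder checks first: modules that carry no version/vendor information at all, and non-Microsoft modules loaded inside winlogon.exe, where Winlogon notification packages are a classic persistence spot. The sample log is a constructed excerpt of lines from the post; the record layout, the field names and the two heuristics are the example's own assumptions.

```python
"""Triage helper for GMER 'Process'/'Library' listings (added example).

Assumed record layout (not documented in the original post):
  Process  <path> (<description>/<vendor>)   <pid>
  Library  <path> (<description>/<vendor>)   <base address>
The parenthesised part is optional, may itself contain parentheses and
slashes, and the vendor is the text after the last '/'.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied from the posted GMER log.
SAMPLE_LOG = r"""
Process  C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation)        1976
Library  C:\WINDOWS\system32\VESWinlogon.dll (VAIO Event Service (Winlogon Notification Module)/Sony Corporation)   0x10000000

Process  C:\Programme\Multimedia Mouse Driver\MouseDrv.exe        2428
Library  C:\Programme\Multimedia Mouse Driver\MouseDrv.exe        0x00400000
Library  C:\Programme\Multimedia Mouse Driver\MouseHook.dll       0x10000000

Process  C:\Programme\Apoint\Apntex.exe (Alps Pointing-device Driver for Windows NT/2000/XP/Alps Electric Co., Ltd.)   2444
Library  C:\WINDOWS\system32\VXDIF.DLL (Vxdif/Alps Electric Co., Ltd.)    0x10000000
"""

MICROSOFT = "Microsoft Corporation"
LINE_RE = re.compile(r"^(Process|Library)\s+(.*\S)\s+(\S+)\s*$")


@dataclass
class Module:
    path: str
    description: Optional[str]
    vendor: Optional[str]
    value: str  # PID for a Process record, base address for a Library record


@dataclass
class Process(Module):
    libraries: List[Module] = field(default_factory=list)


def _split_record(body: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split '<path> (<desc>/<vendor>)' into (path, desc, vendor).

    Scans backwards and counts parentheses so that descriptions such as
    'VAIO Event Service (Winlogon Notification Module)' are kept intact.
    """
    if not body.endswith(")"):
        return body, None, None
    depth = 0
    for i in range(len(body) - 1, -1, -1):
        if body[i] == ")":
            depth += 1
        elif body[i] == "(":
            depth -= 1
            if depth == 0:
                inner = body[i + 1:-1]
                desc, _, vendor = inner.rpartition("/")  # vendor is after the last '/'
                return body[:i].rstrip(), desc, vendor
    return body, None, None


def parse_gmer_processes(text: str) -> List[Process]:
    """Group Library records under the Process record that precedes them."""
    processes: List[Process] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, body, value = m.groups()
        path, desc, vendor = _split_record(body)
        if kind == "Process":
            processes.append(Process(path, desc, vendor, value))
        elif processes:
            processes[-1].libraries.append(Module(path, desc, vendor, value))
    return processes


def triage(processes: List[Process]) -> List[Tuple[str, str, str]]:
    """Return (finding, host image, module path) tuples for manual review."""
    findings = []
    for proc in processes:
        host = proc.path.rsplit("\\", 1)[-1].lower()
        if proc.vendor is None:
            findings.append(("no-version-info", host, proc.path))
        for lib in proc.libraries:
            if lib.path.lower() == proc.path.lower():
                continue  # GMER lists the main image again as the first Library
            if lib.vendor is None:
                findings.append(("no-version-info", host, lib.path))
            if host == "winlogon.exe" and lib.vendor != MICROSOFT:
                findings.append(("third-party-in-winlogon", host, lib.path))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_gmer_processes(SAMPLE_LOG)):
        print("%-24s %-14s %s" % finding)
```

Both flags are review prompts, not verdicts: in the posted log the only non-Microsoft module inside winlogon.exe is Sony's VESWinlogon.dll, which is expected on a VAIO, and the unsigned-looking MouseDrv.exe/MouseHook.dll pair simply ships without version resources. The point is to shrink a 1,700-line listing to the handful of entries worth checking against the vendor's files and the Winlogon\Notify registry key.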
16.11.2009, 23:20   #26
Inuschka

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

fourth and last part
Code:
---- Services - GMER 1.0.15 ----

Service  C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe                                                                                                           [AUTO] AdobeActiveFileMonitor4.0
Service  C:\WINDOWS\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications)                                                                              [AUTO] AegisP
Service  C:\WINDOWS\system32\DRIVERS\akshasp.sys (AKSHASP Device Driver/Aladdin Knowledge Systems Ltd.)                                                                                     [MANUAL] akshasp
Service  C:\WINDOWS\system32\DRIVERS\aksusb.sys (Aladdin USB Key Driver/Aladdin Knowledge Systems Ltd.)                                                                                     [MANUAL] aksusb
Service  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                                      [AUTO] AntiVirSchedulerService
Service  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                            [AUTO] AntiVirService
Service  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver/Alps Electric Co., Ltd.)                                                                                            [MANUAL] ApfiltrService
Service                                                                                                                                                                                     ASPI32
Service  C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk)                                                                      [AUTO] Autodesk Licensing Service
Service  C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                                     [SYSTEM] avgio
Service  C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                                      [AUTO] avgntflt
Service  C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                                             [SYSTEM] avipbb
Service  C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP NDIS 5.0 MPR Protocol Driver/BVRP Software)                                                                                         [MANUAL] BVRPMPR5
Service  C:\cofi\catchme.sys                                                                                                                                                                [MANUAL] catchme
Service  C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems VPN Adapter/Cisco Systems, Inc.)                                                                                             [MANUAL] CVirtA
Service  C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems VPN Client/Cisco Systems, Inc.)                                                                                     [AUTO] CVPND
Service  C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems VPN Client IPSec Driver/Cisco Systems, Inc.)                                                                               [AUTO] CVPNDRVA
Service  C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (AVM de_serv/AVM Berlin)                                                                                                           [MANUAL] de_serv
Service  C:\WINDOWS\system32\DRIVERS\DMICall.sys (Windows 2000 DMI Call Kernel Driver/Sony Corporation)                                                                                     [SYSTEM] DMICall
Service  C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Network Enhancer/Deterministic Networks, Inc.)                                                                              [MANUAL] DNE
Service  C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation)                                                                              [MANUAL] E100B
Service  C:\Programme\Intel\Wireless\Bin\EvtEng.exe (EvtEng Module/Intel Corporation)                                                                                                       [AUTO] EvtEng
Service  C:\WINDOWS\system32\drivers\hardlock.sys (Hardlock Device Driver for Windows NT/Aladdin Knowledge Systems Ltd.)                                                                    [AUTO] Hardlock
Service  C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider)                                                             [MANUAL] HDAudBus
Service  C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.)                                                                                             [MANUAL] HSFHWAZL
Service  C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.)                                                                                                     [MANUAL] HSF_DPV
Service  C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Graphics Miniport Driver/Intel Corporation)                                                                                         [MANUAL] ialm
Service  C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation)                                                          [MANUAL] IDriverT
Service  C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.)                                                            [MANUAL] IntcAzAudAddService
Service  C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.)                                                                                         [AUTO] JavaQuickStarterService
Service  C:\WINDOWS\system32\DRIVERS\klif.sys (Klif Mini-Filter/Kaspersky Lab)                                                                                                              [SYSTEM] KLIF
Service  C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant)                                                                                                     [AUTO] mdmxsdk
Service  C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe                                                                                              [AUTO] mi-raysat_3dsMax2009_32
Service                                                                                                                                                                                     MSDTC Bridge 3.0.0.0
Service                                                                                                                                                                                     Outlook
Service  C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                                              [MANUAL] Ptilink
Service  C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                             [BOOT] PxHelp20
Service  C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (RegSrvc Module/Intel Corporation)                                                                                                     [AUTO] RegSrvc
Service  C:\WINDOWS\system32\DRIVERS\RimSerial.sys (RIM Virtual Serial Driver/Research in Motion Ltd)                                                                                       [MANUAL] RimSerPort
Service  System32\Drivers\RimUsb.sys                                                                                                                                                        [MANUAL] RimUsb
Service  C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Event Monitor - Supports driver extensions to  NIC Driver for wireless adapters./Intel Corporation )                                 [AUTO] S24EventMonitor
Service  C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel WLAN Packet Driver/Intel Corporation)                                                                                              [AUTO] s24trans
Service  C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)                      [MANUAL] Secdrv
Service  C:\WINDOWS\system32\DRIVERS\ser2pl.sys (USB-to-Serial Cable Driver/Prolific Technology Inc.)                                                                                       [MANUAL] Ser2pl
Service                                                                                                                                                                                     ServiceModelEndpoint 3.0.0.0
Service                                                                                                                                                                                     ServiceModelOperation 3.0.0.0
Service                                                                                                                                                                                     ServiceModelService 3.0.0.0
Service                                                                                                                                                                                     SMSvcHost 3.0.0.0
Service  C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis Snapshot API/Acronis)                                                                                                             [BOOT] snapman
Service  C:\WINDOWS\System32\Drivers\SonyNC.sys (Sony Notebook Control driver/Sony Corporation)                                                                                             [MANUAL] SNC
Service  C:\WINDOWS\system32\DRIVERS\SonyPI.sys (Sony Programmable I/O Control Device/Sony Corporation)                                                                                     [MANUAL] SPI
Service  C:\WINDOWS\system32\ZoneLabs\srescan.sys (srescan/Zone Labs, LLC)                                                                                                                  [BOOT] srescan
Service  C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                                          [SYSTEM] ssmdrv
Service  C:\WINDOWS\system32\drivers\ti21sony.sys (ti21sony.sys/Texas Instruments)                                                                                                          [MANUAL] ti21sony
Service  C:\WINDOWS\system32\DRIVERS\tifsfilt.sys (TrueImage File System Filter/Acronis)                                                                                                    [AUTO] tifsfilter
Service  C:\WINDOWS\system32\DRIVERS\timntr.sys (TrueImage Backup Archive Explorer/Acronis)                                                                                                 [BOOT] timounter
Service  C:\WINDOWS\system32\drivers\Toshidpt.sys (Toshiba Bluetooth HID mini port driver/TOSHIBA Corporation.)                                                                             [MANUAL] toshidpt
Service  C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Bluetooth Port Emulation Driver/TOSHIBA Corporation)                                                                             [MANUAL] tosporte
Service  C:\WINDOWS\System32\Drivers\tosrfbd.sys (Bluetooth RF Bus Driver/TOSHIBA CORPORATION)                                                                                              [MANUAL] Tosrfbd
Service  C:\WINDOWS\System32\Drivers\tosrfbnp.sys (Bluetooth RFBNEP Driver/TOSHIBA Corporation)                                                                                             [MANUAL] Tosrfbnp
Service  C:\WINDOWS\System32\Drivers\tosrfcom.sys (Bluetooth RFCOMM Driver/TOSHIBA Corporation)                                                                                             [SYSTEM] Tosrfcom
Service  C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (Bluetooth HID Driver from TOSHIBA/TOSHIBA Corporation.)                                                                                  [MANUAL] Tosrfhid
Service  C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (Bluetooth BNEP Driver/TOSHIBA Corporation.)                                                                                              [MANUAL] tosrfnds
Service  C:\WINDOWS\system32\drivers\TosRfSnd.sys (Bluetooth Audio Driver (WDM)/TOSHIBA Corporation)                                                                                        [MANUAL] TosRfSnd
Service  C:\WINDOWS\System32\Drivers\tosrfusb.sys (Bluetooth USB Miniport Driver/TOSHIBA CORPORATION)                                                                                       [MANUAL] Tosrfusb
Service  system32\drivers\tsclient.sys                                                                                                                                                      [MANUAL] TSClient
Service  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Hardware Resource Manager/Sony Corporation)  [MANUAL] VAIO Entertainment TV Device Arbitration Service
Service  C:\Programme\Sony\VAIO Event Service\VESMgr.exe (VAIO Event Service (Service Module)/Sony Corporation)                                                                             [AUTO] VAIO Event Service
Service  C:\Programme\Gemeinsame                                                                                                                                                            [MANUAL] Vcsw
Service  C:\WINDOWS\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                         [SYSTEM] vsdatant
Service  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                         [AUTO] vsmon
Service  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (VAIO Entertainment Database Service/Sony Corporation)                                  [AUTO] VzCdbSvc
Service  C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (VAIO Entertainment File Import Service/Sony Corporation)                                   [AUTO] VzFw
Service  C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Wireless LAN Driver/Intel® Corporation)                                                                                             [MANUAL] w29n51
Service  C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.)                                                                                                  [MANUAL] winachsf
Service                                                                                                                                                                                     Windows Workflow Foundation 3.0.0.0

---- EOF - GMER 1.0.15 ----
         

Alt 16.11.2009, 23:22   #27
Inuschka

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

OTL result
Code:
OTL logfile created on: 16.11.2009 23:04:45 - Run 4
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Dokumente und Einstellungen\iris\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,11 Mb Total Physical Memory | 598,20 Mb Available Physical Memory | 58,99% Memory free
1,63 Gb Paging File | 1,29 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 19,59 Gb Free Space | 52,58% Space Free | Partition Type: NTFS
Drive D: | 30,28 Gb Total Space | 21,96 Gb Free Space | 72,52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1,91 Gb Total Space | 0,69 Gb Free Space | 36,07% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: IRIS_VAIO
Current User Name: iris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Programme\Multimedia Mouse Driver\MouseDrv.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Programme\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (BVRP Software)
DRV - (RimSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
         

Alt 16.11.2009, 23:23   #28
Inuschka

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

Second part
Code:
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.0.1;127.0.0.1;localhost;;;;;;;;;;;;;;;;;;;;;;;;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:3128;https=192.168.0.1:3128;ftp=192.168.0.1:3128;gopher=192.168.0.1:3128;socks=192.168.0.1:1080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.07 10:21:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.11.16 23:00:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.03.09 10:06:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.16 23:00:41 | 00,000,000 | ---D | M]
 
[2009.03.09 10:06:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Extensions
[2009.03.09 10:06:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.16 21:58:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions
[2009.09.08 10:00:22 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.15 10:07:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009.09.15 10:07:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Mozilla\Firefox\Profiles\tm5unjcn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.11.16 23:00:43 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.03.09 10:06:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.16 23:00:44 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.03.09 10:06:11 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.03.09 10:06:11 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.11.16 23:00:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2009.03.09 10:06:21 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2007.11.05 11:39:12 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2009.03.09 10:06:23 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.03.09 10:06:23 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.03.09 10:06:24 | 00,001,706 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.03.09 10:06:24 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.03.09 10:06:24 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.03.09 10:06:24 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WireLessMouse] C:\Programme\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range78 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.19 15:43:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.11.16 23:00:41 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009.11.16 23:00:41 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.11.16 23:00:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.11.16 23:00:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.11.16 23:00:41 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009.11.16 22:33:03 | 00,241,664 | ---- | C] (Ask.com) -- C:\Programme\Uninstall Ask Toolbar.dll
[2009.11.16 19:26:26 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009.11.16 19:21:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.16 19:21:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.16 19:21:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.16 19:21:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.16 19:21:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.16 19:19:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.16 18:56:08 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\iris\Recent
[2009.11.16 18:33:46 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.16 11:37:44 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe
[2009.11.12 12:14:41 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009.11.12 12:14:03 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\iris\Desktop\VundoFix.exe
[2009.11.12 11:59:39 | 00,000,000 | ---D | C] -- C:\Programme\HijackThis
[2009.11.02 14:44:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\skypePM
[2009.11.02 14:32:22 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\Skype
[2009.11.02 14:31:03 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2009.11.02 14:30:58 | 00,000,000 | R--D | C] -- C:\Programme\Skype
[2009.11.02 14:30:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
         

Old 16.11.2009, 23:24   #29
Inuschka
 

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Third part
Code:
========== Files - Modified Within 30 Days ==========
 
[2009.11.16 23:02:42 | 09,975,840 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009.11.16 23:00:16 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.11.16 23:00:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.11.16 23:00:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.11.16 23:00:16 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009.11.16 23:00:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009.11.16 22:51:47 | 00,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009.11.16 22:51:11 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.16 22:49:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.16 22:49:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.16 22:48:50 | 00,119,588 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009.11.16 22:48:25 | 06,029,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\iris\NTUSER.DAT
[2009.11.16 22:48:25 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\iris\ntuser.ini
[2009.11.16 21:16:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.16 21:15:17 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.16 19:26:39 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009.11.16 19:15:48 | 03,560,773 | R--- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\cofi.exe
[2009.11.16 19:12:10 | 03,148,854 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\fehler.bmp
[2009.11.16 18:33:47 | 00,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\CCleaner.lnk
[2009.11.16 11:40:35 | 00,291,840 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\mjp2vgv5.exe
[2009.11.16 11:36:59 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\iris\Desktop\OTL.exe
[2009.11.15 23:33:54 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\inyasxy
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.11.13 17:17:27 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2009.11.12 12:13:33 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\iris\Desktop\VundoFix.exe
[2009.11.12 09:30:53 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.07 00:02:52 | 00,029,790 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\pod.jpg
[2009.11.06 19:36:46 | 04,001,527 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\Studienarbeit_06112009.pdf
[2009.11.06 13:49:39 | 00,124,821 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\rui.jpg
[2009.11.05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009.11.04 15:52:41 | 00,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.11.04 15:52:41 | 00,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.04 15:52:41 | 00,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.11.04 15:52:41 | 00,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.04 15:52:40 | 01,078,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.02 14:44:38 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.11.01 17:35:50 | 00,084,289 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\mdbu.bin
[2009.10.27 13:35:50 | 00,727,387 | ---- | M] () -- C:\Dokumente und Einstellungen\iris\Desktop\PICT0048.JPG
[2009.10.25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.11.16 19:26:38 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009.11.16 19:26:29 | 00,262,448 | ---- | C] () -- C:\cmldr
[2009.11.16 19:21:51 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.11.16 19:21:51 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.11.16 19:21:51 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.11.16 19:21:51 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.16 19:21:51 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.11.16 19:18:04 | 03,560,773 | R--- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\cofi.exe
[2009.11.16 19:12:09 | 03,148,854 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\fehler.bmp
[2009.11.16 18:33:47 | 00,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\CCleaner.lnk
[2009.11.16 11:40:47 | 00,291,840 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\mjp2vgv5.exe
[2009.11.15 23:33:54 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\inyasxy
[2009.11.07 00:02:37 | 00,029,790 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\pod.jpg
[2009.11.06 19:36:46 | 04,001,527 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\Studienarbeit_06112009.pdf
[2009.11.06 13:49:39 | 00,124,821 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\rui.jpg
[2009.11.06 13:25:37 | 00,568,101 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\100_1927.JPG
[2009.11.02 14:44:38 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.27 13:35:44 | 00,727,387 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Desktop\PICT0048.JPG
[2009.10.14 21:46:51 | 00,084,289 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\mdbu.bin
[2009.07.09 00:35:57 | 00,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2009.07.02 08:19:08 | 00,002,465 | R--- | C] () -- C:\WINDOWS\OOIDRV.INI
[2009.06.05 14:26:28 | 00,000,222 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5.INI
[2009.06.05 14:13:06 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009.06.05 14:07:58 | 00,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2009.06.05 14:07:51 | 00,001,104 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.12.07 19:28:53 | 00,000,282 | ---- | C] () -- C:\WINDOWS\avwin.ini
[2008.06.19 11:41:16 | 00,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008.06.14 21:13:32 | 00,000,102 | ---- | C] () -- C:\WINDOWS\afarechner.INI
[2008.05.26 14:53:48 | 00,000,073 | ---- | C] () -- C:\WINDOWS\MINDMA~1.INI
[2008.05.13 22:45:41 | 00,001,385 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.11.26 22:40:28 | 00,000,658 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007.11.17 21:33:19 | 00,403,167 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\mdb.bin
[2007.11.17 19:24:37 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.11.17 19:24:37 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.11.17 19:24:37 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.11.17 19:24:36 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.11.17 19:24:36 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.09.30 17:56:30 | 00,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.09 12:24:56 | 06,427,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\iris\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2007.06.26 10:11:30 | 00,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.06.09 19:49:50 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007.06.09 19:49:50 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2007.06.09 19:49:24 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007.06.07 21:57:25 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.06.05 15:30:41 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.06.05 14:34:28 | 00,237,568 | ---- | C] () -- C:\WINDOWS\NwtGatewayDLL.dll
[2007.06.05 14:34:28 | 00,001,109 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini
[2007.05.04 10:02:35 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007.03.28 19:30:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.02.21 15:32:55 | 00,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2007.01.13 12:20:39 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006.12.28 18:37:18 | 00,000,076 | ---- | C] () -- C:\WINDOWS\ds3sim.INI
[2006.09.12 20:04:57 | 00,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.07.30 15:18:51 | 00,000,030 | ---- | C] () -- C:\WINDOWS\avx.ini
[2006.07.23 15:06:01 | 00,000,029 | ---- | C] () -- C:\WINDOWS\USB Downloader.INI
[2006.07.03 17:57:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\wordinst.dll
[2006.07.03 12:37:54 | 00,058,608 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2006.07.03 11:11:24 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.07.03 01:27:53 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\iris\Anwendungsdaten\desktop.ini
[2006.07.03 01:27:52 | 00,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\iris\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.06.29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005.12.20 12:45:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.20 11:56:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.12.20 11:56:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.12.20 11:56:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.12.20 11:56:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.12.20 11:56:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.12.20 11:56:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.12.20 11:39:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005.12.19 16:04:13 | 00,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.12.19 15:35:12 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2005.12.19 07:27:30 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005.12.19 07:27:18 | 00,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.12.19 07:26:48 | 00,000,626 | ---- | C] () -- C:\WINDOWS\win.ini
[2005.12.19 07:26:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.09.02 13:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003.02.20 17:53:42 | 00,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
         

Old 16.11.2009, 23:25   #30
Inuschka
 

TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Extras
Code:
OTL Extras logfile created on: 16.11.2009 23:04:45 - Run 4
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,11 Mb Total Physical Memory | 598,20 Mb Available Physical Memory | 58,99% Memory free
1,63 Gb Paging File | 1,29 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 19,59 Gb Free Space | 52,58% Space Free | Partition Type: NTFS
Drive D: | 30,28 Gb Total Space | 21,96 Gb Free Space | 72,52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1,91 Gb Total Space | 0,69 Gb Free Space | 36,07% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: xxx_VAIO
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
h**p [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
h**ps [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\concept design\onlineTV 3\onlineTV.exe" = C:\Programme\concept design\onlineTV 3\onlineTV.exe:*:Enabled:onlineTV -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Autodesk\Backburner\monitor.exe" = C:\Programme\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\manager.exe" = C:\Programme\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\server.exe" = C:\Programme\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Programme\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Programme\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit -- (Autodesk, Inc.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06865995-6BBC-4038-9FE0-F0CFD7F81938}" = Nova
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{14583268-CF6A-4003-A3EA-0CAC77C978D3}" = Mindjet MindManager Pro 6
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1C70BE80-35E0-46DA-B81D-5BF5652F8D80}" = AV Mode Button Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
         
