Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.11.2009, 08:00   #1
Andy200877
 
ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll - Standard

ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Ich habe mir leider ebenfalls einen TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll eingefangen.

Avast und Windows Defender finden ihn mehrmals täglich und er wird von mir gelöscht. Nach einiger Zeit taucht er aber immer wieder auf.

Wie in einem anderen Beitrag gewünscht, poste ich mal ein paar Logs

OTL.TXT Part1
Code:
ATTFilter
OTL logfile created on: 14.11.2009 08:52:02 - Run 1
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Users\Andy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,11% Memory free
4,00 Gb Paging File | 2,16 Gb Available in Paging File | 53,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 12,51 Gb Free Space | 25,62% Space Free | Partition Type: NTFS
Drive D: | 249,25 Gb Total Space | 160,88 Gb Free Space | 64,55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,68 Gb Total Space | 2,65 Gb Free Space | 71,99% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANDY-LAPTOP
Current User Name: Andy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Programme\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Analogue Vista Clock\Analogue Vista Clock.exe ()
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\WallpaperSS\WallpaperSS.exe (Gianpaolo Bottin)
PRC - C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Programme\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\TeamViewer\Version4\TV.dll (TeamViewer GmbH)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMnetBridge) -- C:\Windows\System32\vmnetbridge.dll (VMware, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RimVSerPort) -- C:\Windows\System32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM) -- C:\Windows\System32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (sxuptp) -- C:\Windows\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://borussia.de/de/home,2,0.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://borussia.de/de/home,2,0.html|http://fohlen.tv/de/videos.php|http://torfabrik.de/|http://heinsberger-fungamer.de/|http://heinsberger-fungamer.de/v2/includes/formular.php"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.30 20:50:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.13 14:26:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.01 18:43:03 | 00,000,000 | ---D | M]
 
[2009.09.07 18:34:57 | 00,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2009.09.07 18:34:57 | 00,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.18 08:42:27 | 00,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\zlu7phu5.default\extensions
[2009.09.07 19:11:12 | 00,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\zlu7phu5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.05 20:59:13 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.09.13 14:26:22 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.09.13 14:26:16 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.09.13 14:26:16 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.11.01 18:42:33 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2009.09.13 14:26:19 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2009.07.30 23:59:14 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.07.30 23:59:14 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.31 00:39:06 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.07.30 23:59:14 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 14:26:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.07.30 23:59:14 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB03700 Class) - {4E45B936-ACEA-4BE3-8F68-B1A3014867AC} - C:\Programme\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll ()
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ghost-of-usenet Toolbar) - {10000000-1000-1000-1000-100000000000} - C:\Programme\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ghost-of-usenet Toolbar) - {10000000-1000-1000-1000-100000000000} - C:\Programme\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Analogue Vista Clock] C:\Programme\Analogue Vista Clock\Analogue Vista Clock.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WallpaperSS] C:\Programme\WallpaperSS\WallpaperSS.exe (Gianpaolo Bottin)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Netzwerk USB-Hub Kontrollzentrum.lnk = C:\Programme\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
         

Alt 14.11.2009, 08:01   #2
Andy200877
 
ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll - Standard

ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



OTL.TXT Part2
Code:
ATTFilter
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03a04902-9f11-11de-b28c-001fe1f25394}\Shell - "" = AutoRun
O33 - MountPoints2\{03a04902-9f11-11de-b28c-001fe1f25394}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.11.14 08:50:55 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2009.11.11 18:08:00 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.11.11 18:07:56 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009.11.09 22:31:43 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\FUSSBALL MANAGER 10 ONLINE
[2009.11.09 22:25:22 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009.11.09 22:25:20 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009.11.09 22:10:55 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\FUSSBALL MANAGER 10
[2009.11.09 21:52:00 | 00,000,000 | ---D | C] -- C:\Programme\EA SPORTS
[2009.11.08 17:48:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.11.08 17:48:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.11.08 17:48:02 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.11.08 12:39:15 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.11.08 12:39:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009.11.08 12:39:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009.11.05 21:35:39 | 00,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\uxtuneup.dll
[2009.11.05 21:35:39 | 00,016,640 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\authuitu.dll
[2009.11.05 21:35:32 | 00,361,728 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe
[2009.11.05 21:35:31 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\TuneUp Software
[2009.11.05 21:35:04 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009.11.05 21:35:04 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009.11.05 21:34:48 | 00,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2008
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009.11.05 07:04:12 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\ParetoLogic
[2009.11.04 20:05:41 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2009.11.04 20:05:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.04 20:05:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.04 20:00:35 | 00,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2009.11.04 19:46:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009.11.04 07:10:44 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009.11.04 07:10:44 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009.11.04 07:10:44 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009.11.04 07:10:19 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009.11.04 07:10:19 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009.11.04 07:10:18 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009.11.04 07:10:18 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009.11.04 07:10:17 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009.11.04 07:10:17 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009.11.04 07:10:17 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009.11.04 07:10:17 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009.11.04 07:10:17 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009.11.04 07:10:17 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009.11.04 07:10:17 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.11.04 07:10:17 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009.11.04 07:10:17 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009.11.04 07:10:17 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009.11.04 07:10:17 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009.11.04 07:10:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009.11.04 07:10:16 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009.11.04 07:10:16 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009.11.04 07:10:16 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009.11.04 07:10:16 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009.11.04 07:10:16 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009.11.04 07:10:16 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009.11.04 07:10:16 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009.11.04 07:10:16 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009.11.04 07:10:16 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009.11.04 07:10:16 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009.11.04 07:10:16 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009.11.04 07:09:50 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009.11.04 07:09:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009.11.04 07:09:50 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009.11.04 07:09:44 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009.11.04 07:09:41 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009.11.04 07:09:41 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009.11.04 07:09:41 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009.11.04 07:09:41 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009.11.04 07:09:41 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009.11.04 07:09:41 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009.11.04 07:09:41 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009.11.04 07:09:41 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009.11.04 07:09:40 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009.11.04 07:09:40 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009.11.04 07:09:40 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009.11.04 07:09:38 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009.11.04 07:08:40 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009.11.04 07:08:39 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009.11.04 07:08:39 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009.11.04 06:14:00 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.11.04 06:13:59 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.11.03 18:27:38 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\thecleaner
[2009.11.03 01:48:06 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2009.11.01 18:43:03 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.11.01 00:17:54 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\VMware
[2009.11.01 00:07:08 | 00,051,248 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2009.11.01 00:02:27 | 00,000,000 | ---D | C] -- C:\ProgramData\VMware
[2009.11.01 00:02:27 | 00,000,000 | ---D | C] -- C:\ProgramData\VMware
[2009.10.29 18:06:52 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009.10.29 18:06:52 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009.10.29 18:06:52 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009.10.29 18:06:51 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009.10.29 18:06:26 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009.10.29 18:06:26 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009.10.29 18:06:26 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009.10.29 18:06:01 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009.10.29 18:06:01 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009.10.28 18:01:14 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009.10.28 18:01:11 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009.10.28 18:01:09 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009.10.27 18:00:55 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\dvdcss
[2009.10.22 18:05:13 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\eagle
[2009.10.22 18:02:21 | 00,000,000 | ---D | C] -- C:\Programme\EAGLE-5.6.0
[2009.10.22 18:02:16 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\CadSoft
[2009.10.19 17:22:17 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009.10.18 12:15:52 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\2K Sports
[2009.10.18 12:12:09 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009.10.18 12:12:09 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009.10.18 12:12:08 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009.10.18 12:12:08 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2009.10.18 12:12:08 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2009.10.18 12:12:08 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2009.10.18 12:12:08 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2009.10.18 12:12:07 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2009.10.18 12:12:07 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2009.10.18 12:12:07 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2009.10.18 12:12:07 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2009.10.18 12:12:07 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2009.10.18 12:12:06 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009.10.18 12:12:06 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009.10.18 12:12:06 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009.10.18 12:12:06 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009.10.18 12:12:06 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009.10.18 12:12:06 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009.10.18 12:12:05 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009.10.18 12:12:05 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009.10.18 12:12:05 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009.10.18 12:12:05 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009.10.18 12:12:05 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009.10.18 12:12:05 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009.10.18 12:12:04 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009.10.18 12:12:04 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009.10.18 12:12:03 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009.10.18 12:12:03 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009.10.18 12:12:03 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009.10.18 12:12:03 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009.10.18 12:12:03 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009.10.18 12:12:02 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009.10.18 12:12:02 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009.10.18 12:12:02 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009.10.18 12:12:02 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009.10.18 12:12:02 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009.10.18 12:12:02 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009.10.18 12:12:01 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009.10.18 12:12:01 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009.10.18 12:11:59 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009.10.18 12:11:59 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009.10.18 12:11:59 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009.10.18 12:11:59 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009.10.18 12:11:59 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009.10.18 12:11:58 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009.10.18 12:11:58 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009.10.18 12:11:58 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009.10.18 12:11:58 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009.10.18 12:11:58 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009.10.18 12:11:57 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009.10.18 12:11:57 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009.10.18 12:11:57 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009.10.18 12:11:57 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009.10.18 12:11:57 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009.10.18 12:11:57 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009.10.18 12:11:49 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009.10.18 12:11:49 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009.10.18 12:11:49 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009.10.18 12:11:47 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009.10.18 12:11:47 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009.10.18 12:11:46 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009.10.18 12:11:46 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009.10.18 11:43:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009.10.17 11:09:54 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\iWin
[2009.10.17 11:09:32 | 00,000,000 | ---D | C] -- C:\Programme\iWin.com Games
[2009.10.16 18:04:19 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
         
__________________


Alt 14.11.2009, 08:03   #3
Andy200877
 
ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll - Standard

ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



OTL.TXT Part 3
Code:
ATTFilter
========== Files - Modified Within 30 Days ==========
 
[2009.11.14 08:55:09 | 02,883,584 | -HS- | M] () -- C:\Users\Andy\NTUSER.DAT
[2009.11.14 08:53:18 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{72D9C561-71C8-489D-8123-46D1403D1EF7}.job
[2009.11.14 08:51:09 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2009.11.14 08:50:52 | 00,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.14 08:50:52 | 00,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.14 08:00:00 | 00,000,498 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2009.11.13 18:54:04 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.11.13 18:54:04 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.11.13 18:54:03 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.11.13 18:54:03 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.11.13 18:00:00 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009.11.13 16:50:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.12 03:23:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.12 03:23:39 | 01,676,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.11.12 03:21:40 | 00,524,288 | -HS- | M] () -- C:\Users\Andy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.11.12 03:21:40 | 00,065,536 | -HS- | M] () -- C:\Users\Andy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.11.12 03:21:14 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009.11.12 03:20:47 | 04,176,664 | -H-- | M] () -- C:\Users\Andy\AppData\Local\IconCache.db
[2009.11.11 19:11:13 | 01,456,404 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.11 19:11:13 | 00,632,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.11 19:11:13 | 00,598,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.11 19:11:13 | 00,128,616 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.11 19:11:13 | 00,106,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.09 22:26:55 | 00,001,020 | ---- | M] () -- C:\Users\Andy\Desktop\Manager10.exe.lnk
[2009.11.07 18:35:30 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009.11.05 21:35:32 | 00,361,728 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe
[2009.11.05 21:35:21 | 00,000,957 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2009.11.05 21:35:21 | 00,000,599 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2009.11.05 21:26:14 | 04,544,544 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.11.05 21:26:14 | 00,064,028 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009.11.05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009.11.05 18:02:00 | 00,003,153 | ---- | M] () -- C:\rollback.ini
[2009.11.04 19:55:33 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009.11.04 19:49:11 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.03 18:26:04 | 00,000,100 | ---- | M] () -- C:\index.ini
[2009.11.02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009.11.01 20:20:48 | 00,012,800 | ---- | M] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.01 18:42:30 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.11.01 18:04:04 | 00,000,600 | ---- | M] () -- C:\Users\Andy\AppData\Local\PUTTY.RND
[2009.11.01 00:04:45 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009.10.29 19:42:39 | 00,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2009.10.22 00:13:32 | 00,051,248 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2009.10.21 11:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.10.21 09:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.10.18 11:29:59 | 00,050,110 | ---- | M] () -- C:\Users\Andy\Documents\Stadtmeister2007.pdf
[2009.10.18 08:52:31 | 00,002,647 | ---- | M] () -- C:\Users\Andy\Desktop\Microsoft FrontPage.lnk
[2009.10.17 11:09:53 | 00,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest III.lnk
 
========== Files Created - No Company Name ==========
 
[2009.11.09 22:26:30 | 00,001,020 | ---- | C] () -- C:\Users\Andy\Desktop\Manager10.exe.lnk
[2009.11.05 21:35:49 | 00,000,498 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2009.11.05 21:35:21 | 00,000,957 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2009.11.05 21:35:21 | 00,000,599 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2009.11.05 18:02:00 | 00,003,153 | ---- | C] () -- C:\rollback.ini
[2009.11.05 17:53:43 | 00,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009.11.05 07:14:57 | 04,544,544 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.11.05 07:14:57 | 00,064,028 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009.11.04 19:55:33 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009.11.04 19:49:11 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.03 18:26:04 | 00,000,100 | ---- | C] () -- C:\index.ini
[2009.11.01 00:04:45 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009.10.31 15:30:50 | 00,000,600 | ---- | C] () -- C:\Users\Andy\AppData\Local\PUTTY.RND
[2009.10.18 11:29:59 | 00,050,110 | ---- | C] () -- C:\Users\Andy\Documents\Stadtmeister2007.pdf
[2009.10.17 11:09:53 | 00,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest III.lnk
[2009.09.30 22:09:37 | 00,000,751 | ---- | C] () -- C:\Windows\EPICWIN.INI
[2009.09.29 17:05:24 | 00,092,664 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009.09.26 19:55:44 | 00,012,800 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.12 16:19:50 | 00,000,095 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\default.pls
[2009.09.12 16:19:36 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.11 21:03:20 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.08 19:01:56 | 00,002,724 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.08 19:01:56 | 00,000,088 | RHS- | C] () -- C:\ProgramData\4C49EBFC1F.sys
[2009.09.08 18:08:33 | 00,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2009.09.01 23:36:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009.09.01 23:36:18 | 00,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009.08.30 22:56:50 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.30 20:49:36 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.30 20:24:00 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.30 20:04:14 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.30 20:03:55 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.30 19:19:06 | 04,176,664 | -H-- | C] () -- C:\Users\Andy\AppData\Local\IconCache.db
[2009.08.30 19:07:13 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009.08.30 18:46:35 | 00,092,664 | ---- | C] () -- C:\Users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.08.30 18:46:09 | 00,000,680 | ---- | C] () -- C:\Users\Andy\AppData\Local\d3d9caps.dat
[2009.08.10 05:38:02 | 00,081,920 | ---- | C] () -- C:\Windows\System32\MPMapTrace.dll
[2009.08.10 05:02:44 | 00,364,544 | ---- | C] () -- C:\Windows\System32\mpPathan.dll
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.07.25 15:40:02 | 00,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.12.13 15:03:14 | 00,074,240 | ---- | C] () -- C:\Windows\System32\zlibwapi.dll
[2006.11.02 13:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006.11.02 13:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006.11.02 13:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:23:31 | 00,000,273 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
         
__________________

Alt 14.11.2009, 08:05   #4
Andy200877
 
ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll - Standard

ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Extras.txt Part1
Code:
ATTFilter
OTL Extras logfile created on: 14.11.2009 08:52:02 - Run 1
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Users\Andy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,11% Memory free
4,00 Gb Paging File | 2,16 Gb Available in Paging File | 53,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 12,51 Gb Free Space | 25,62% Space Free | Partition Type: NTFS
Drive D: | 249,25 Gb Total Space | 160,88 Gb Free Space | 64,55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,68 Gb Total Space | 2,65 Gb Free Space | 71,99% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ANDY-LAPTOP
Current User Name: Andy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4205034860-1355971374-617994796-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C6071E-F87F-4E6A-A139-9ECCBECE7FD0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1FF8A67A-CBDD-4855-BC7E-9FA1545954EB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{44682ABE-5DA5-4117-B308-5FDA453103BD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{451028E7-EEF0-4B2B-9577-B95A6D571E08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4CC4836F-2C91-489C-99FF-55BBC3D7F01C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{568A8668-8168-44CC-8C1C-721975F89196}" = lport=19540 | protocol=17 | dir=in | name=sxuptp | 
"{5E62C533-063E-4983-8ABF-7B57F276521E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7518D950-BAB6-45BA-A49A-BB31F61E77B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A3A76D57-46AB-4989-A12B-90581E70E186}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A5EBD435-C215-43F8-82AE-DD16258CEBC8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A6D6BD4C-E88A-4A3C-9857-EFADD59631F7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AA95AD53-8751-4F20-966F-0E5027353FB1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AB82855B-1C3E-465F-9555-D66BBD9A4203}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E70D8960-CFB7-4EFB-8BBF-4C65F3A5F4CB}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A86A351-AFCB-48D4-9E2A-69DFC0E9727B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | 
"{0CB6657C-EB9E-417A-A665-8AB19137BA8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{18B72D32-8521-4DE1-8AD7-E31EB73E4B85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{274AA6BD-696B-4F03-8D02-FC44D1555CD2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{319054B5-6073-4D2B-818A-CE57F0C0A5D9}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe | 
"{33B215D5-04C3-453E-A921-BD836F5F640E}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | 
"{44876100-F406-4AB8-8930-7D8D0F2496A1}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | 
"{82931EAB-8917-40D3-B9E9-364B500D0F1E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe | 
"{BC2F6510-44CD-4822-A441-8D82A39DD3BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DA9BB6F7-7440-4437-AF8C-115A1C4EFA04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DE5CA58B-4062-4734-AE58-0F84E2FAC259}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe | 
"{EC2C6E10-47E8-497E-B953-B08CA39D4119}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | 
"{ED200154-C465-45A9-A1BC-A2D471176DFE}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe | 
"{EF1962DD-742D-47E5-A0E4-E1398ABDC9BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FDF2B8C0-F171-4AB4-B365-D197CD0CA5E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{28787731-297E-439D-A008-27AD549EA216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2C9EE405-5066-4128-BAD9-CCAABB97ADA1}D:\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\nba 2k10\nba2k10.exe | 
"TCP Query User{3833869B-DDC9-4573-99C9-301C8C36C4DC}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{581BF933-368D-4DD2-BFF1-F1FE1528AF6A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{7302D02A-D8CB-4994-8525-B561262462D1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{7F8DC342-1218-42D4-876A-7EE597BECAF9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8872C96E-19D8-42C2-92CD-0E66F220F465}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{BAF32110-7922-4449-9708-C675708C1691}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | 
"TCP Query User{DDD5A00A-7D2C-464B-8CA4-00DCD24F9898}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{E4EFDBC1-AA82-45B1-9585-859D4FCD66C2}C:\program files\idm computer solutions\ultraedit\uedit32.exe" = protocol=6 | dir=in | app=c:\program files\idm computer solutions\ultraedit\uedit32.exe | 
"UDP Query User{00CD57A7-432A-49E3-8DFA-07DB202C3A08}C:\program files\idm computer solutions\ultraedit\uedit32.exe" = protocol=17 | dir=in | app=c:\program files\idm computer solutions\ultraedit\uedit32.exe | 
"UDP Query User{168E7E0C-839E-4A4E-B05E-B5D871619F77}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{17148686-ED21-44AA-8B2F-0FFC4885172F}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe | 
"UDP Query User{199B40FB-B2BD-4CE7-B8B5-95D95199980E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{50D929B6-F1D0-4945-A4C4-A7BE4C799C98}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{57BD392C-C8B0-440D-AB1B-CA839104958D}D:\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\nba 2k10\nba2k10.exe | 
"UDP Query User{6638212E-7D88-41D4-BF23-59FA9BB47DDD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{668BE63C-D8DB-44EE-AFBA-0EF6253B7373}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{E302082A-8C13-4E75-99AA-9733EA86F4FA}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{ECADE100-C40B-4132-8C0A-9EFFB843210C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 6.5 Build #1042 Banner Remover 1.2
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58A49B80-2595-4C9D-B3EB-261E68A2C4D1}_is1" = Wallpaper SlideShow LT 1.3.0
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AFC7E003-9CA8-4F68-AAB2-155D0CDF5AED}" = UltraEdit 15.00
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Analogue Vista Clock" = Analogue Vista Clock 1.18
"avast!" = avast! Antivirus
"Belkin Network USB Hub Control Center" = Belkin Netzwerk USB-Hub Kontrollzentrum
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EAGLE 5.6.0" = EAGLE 5.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"InstallShield_{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36
"Jewel Quest III" = Jewel Quest III (nur deinstallation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"Target 3001! V14 discover" = Target 3001! V14 discover
"TBSB03700.TBSB03700Toolbar" = Ghost-of-usenet Toolbar
"TeamViewer 4" = TeamViewer 4
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
         

Alt 14.11.2009, 08:06   #5
Andy200877
 
ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll - Standard

ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Extras.txt Part2
Code:
ATTFilter
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 07.09.2009 12:29:09 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 F:\howto\email\1.jpg failed, 00000016.  
 
Error - 12.09.2009 12:35:43 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 F:\howto\email\1.jpg failed, 00000016.  
 
Error - 04.10.2009 13:41:59 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 \\192.168.0.16\hd (e)\Request\Appz\Microsoft Office 2007 Enterprise\hs-oe7de.bin
 failed, 00000040.  
 
Error - 31.10.2009 18:51:51 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://saimei.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-1.iso
 failed, 00000084.  
 
Error - 31.10.2009 18:52:09 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://gensho.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-2.iso
 failed, 00000084.  
 
Error - 31.10.2009 18:52:35 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://gensho.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-3.iso
 failed, 00000084.  
 
Error - 31.10.2009 18:52:47 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://laotzu.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-4.iso
 failed, 00000084.  
 
Error - 31.10.2009 18:52:59 | Computer Name = Andy-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://caesar.acc.umu.se/debian-cd/5.0.3/i386/iso-dvd/debian-503-i386-DVD-5.iso
 failed, 00000084.  
 
[ Application Events ]
Error - 09.11.2009 14:19:45 | Computer Name = Andy-Laptop | Source = VSS | ID = 8194
Description = 
 
Error - 09.11.2009 17:24:56 | Computer Name = Andy-Laptop | Source = VSS | ID = 8194
Description = 
 
Error - 09.11.2009 17:25:24 | Computer Name = Andy-Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 09.11.2009 21:03:45 | Computer Name = Andy-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager10.exe, Version 1.0.0.0, Zeitstempel 
0x4aca3a81, fehlerhaftes Modul GfxCore.dll, Version 0.0.0.0, Zeitstempel 0x4aca3946,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00245efe,  Prozess-ID 0x7ac, Anwendungsstartzeit
 01ca61862ba84380.
 
Error - 10.11.2009 13:20:23 | Computer Name = Andy-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.11.2009 01:49:12 | Computer Name = Andy-Laptop | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18828 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1304  Anfangszeit: 01ca6291faa7d720  Zeitpunkt
 der Beendigung: 52
 
Error - 11.11.2009 13:00:43 | Computer Name = Andy-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.11.2009 22:24:19 | Computer Name = Andy-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.11.2009 12:57:06 | Computer Name = Andy-Laptop | Source = VSS | ID = 8194
Description = 
 
Error - 13.11.2009 13:52:44 | Computer Name = Andy-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager10.exe, Version 1.0.0.0, Zeitstempel 
0x4aca3a81, fehlerhaftes Modul nvd3dum.dll, Version 8.16.11.8681, Zeitstempel 0x4a8c758a,
 Ausnahmecode 0xc0000005, Fehleroffset 0x003a0c2b,  Prozess-ID 0xdb0, Anwendungsstartzeit
 01ca64890c3cd190.
 
[ OSession Events ]
Error - 01.11.2009 13:52:19 | Computer Name = Andy-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 109
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.08.2009 18:30:14 | Computer Name = Andy-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.08.2009 20:31:10 | Computer Name = Andy-Laptop | Source = WPDMTPDriver | ID = 80838
Description = 
 
Error - 30.08.2009 20:31:10 | Computer Name = Andy-Laptop | Source = WPDMTPDriver | ID = 80836
Description = 
 
Error - 31.08.2009 00:31:34 | Computer Name = Andy-Laptop | Source = WPDMTPDriver | ID = 80838
Description = 
 
Error - 31.08.2009 00:31:34 | Computer Name = Andy-Laptop | Source = WPDMTPDriver | ID = 80836
Description = 
 
Error - 31.08.2009 11:55:04 | Computer Name = Andy-Laptop | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 31.08.2009 13:48:10 | Computer Name = Andy-Laptop | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 31.08.2009 13:48:10 | Computer Name = Andy-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.08.2009 14:58:50 | Computer Name = Andy-Laptop | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 31.08.2009 16:24:30 | Computer Name = Andy-Laptop | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         


Alt 14.11.2009, 08:07   #6
Andy200877
 
ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll - Standard

ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Hijackthis.txt
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:19, on 14.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://borussia.de/de/home,2,0.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TBSB03700 - {4E45B936-ACEA-4BE3-8F68-B1A3014867AC} - C:\Program Files\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ghost-of-usenet Toolbar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\Ghost-of-usenet Toolbar\tbu04360\tbcore3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Analogue Vista Clock] C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Belkin Netzwerk USB-Hub Kontrollzentrum.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8731 bytes
         

Alt 14.11.2009, 10:19   #7
stupsip
 
ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll - Standard

ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll



Hey Andy,
hier wurde das Problem besprochen und gelöst: Virus Tr/Vundo.Gen - Internet, Netzwerke und Security

Wird dir hoffentlich bei dem Problem helfen.

Antwort

Themen zu ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll
0 bytes, adobe, audiodg.exe, avast!, bot, clock.exe, components, control center, corp./icp, defender, explorer, fontcache, format, helper, home, home premium, iexplore.exe, location, logfile, mozilla, netzwerk, nvlddmkm.sys, nvstor.sys, oldtimer, otl logfile, otl.exe, otl.txt, pdf, registry, searchplugins, security, skype.exe, software, sptd.sys, start menu, sttray.exe, system, tdlwsp.dll, toolbars, tr/vundo.gen, tuneup.defrag, usb, vista, windows



Ähnliche Themen: ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll


  1. Avira meldet TR/Sirefef.BV.2 -- C:\\windows\system32\ac97inctc.ddl und nach Quarantäne c:\\windows\system32\persfw.dll
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (4)
  2. ebenfalls Windows- Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (4)
  3. Ebenfalls Blackscreen, angebliche Windows Sicherheitswarnung
    Log-Analyse und Auswertung - 12.04.2012 (11)
  4. Ebenfalls:Windows Blockade
    Plagegeister aller Art und deren Bekämpfung - 14.12.2011 (7)
  5. Ebenfalls Windows Restore Befall
    Plagegeister aller Art und deren Bekämpfung - 19.04.2011 (13)
  6. @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe
    Plagegeister aller Art und deren Bekämpfung - 17.04.2011 (1)
  7. TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll
    Plagegeister aller Art und deren Bekämpfung - 18.11.2009 (56)
  8. TR/Dropper.Gen in system32/tdlwsp.dll gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.11.2009 (11)
  9. TR/Monder.bbwm und TR/Vundo.Gen im System32 Ordner
    Plagegeister aller Art und deren Bekämpfung - 23.02.2009 (29)
  10. TR/Vundo.Gen in system32
    Log-Analyse und Auswertung - 05.01.2009 (11)
  11. Hilfe Vundo Trojaner C:\Windows\System32\mllmmmm.dll
    Plagegeister aller Art und deren Bekämpfung - 03.10.2008 (8)
  12. TR/Vundo.Gen in C:\WINDOWS\system32\qomjh.dll und pmnlmkj.dll
    Plagegeister aller Art und deren Bekämpfung - 30.01.2008 (0)
  13. Virus TR/Vundo.Gen C:\WINDOWS\system32\vstr.dll nicht löschbar??
    Log-Analyse und Auswertung - 08.10.2007 (2)
  14. TR/Vundo.Gen im System32! Wie bekomme ich ihn weg?
    Log-Analyse und Auswertung - 29.03.2007 (1)
  15. TR/Vundo.Gen in C:\WINDOWS\System32\efeed.dll
    Log-Analyse und Auswertung - 10.10.2006 (10)
  16. Vundo.Gen in ...system32/mllmn.dll
    Log-Analyse und Auswertung - 09.10.2006 (2)
  17. Trojan.Vundo C:\WINDOWS\system32\vtstq.dll
    Log-Analyse und Auswertung - 05.02.2006 (7)

Zum Thema ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll - Ich habe mir leider ebenfalls einen TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll eingefangen. Avast und Windows Defender finden ihn mehrmals täglich und er wird von mir gelöscht. Nach einiger Zeit taucht er aber - ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll...
Archiv
Du betrachtest: ebenfalls TR/Vundo.Gen in C:\WINDOWS\system32\tdlwsp.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.