
Pests of all kinds and how to fight them: TR/Spy.Gen under C:\Windows\Temp\52ca09d8.dll


09.09.2010, 18:10   #1
HalbesGB
 

TR/Spy.Gen under C:\Windows\Temp\52ca09d8.dll



Hello,
AntiVir has detected a Trojan on my system!
TR/Spy.Gen under C:\Windows\Temp\52ca09d8.dll
The AntiVir alert appears very often, popup-style, but this Trojan cannot be deleted, moved, etc. I tried deleting the file in Safe Mode, which worked there, but after a restart it reappeared.
CCleaner and Unlocker didn't help either. I tried it as Administrator (Vista), which didn't help either. I downloaded the Load file here and hopefully followed all the steps correctly; I hope you can help me! Thanks in advance.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4582

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

09.09.2010 17:13:08
mbam-log-2010-09-09 (17-13-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142248
Laufzeit: 3 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Malwarebytes Logfile

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\dmdskres32.dll (Malware.Packer.Gen) -> Delete on reboot.

---

OTL.txt OTL Logfile:
Code:
OTL logfile created on: 09.09.2010 17:25:33 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Desktop\MFTools
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 80,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70,00 Gb Total Space | 27,68 Gb Free Space | 39,54% Space Free | Partition Type: NTFS
Drive D: | 250,00 Gb Total Space | 191,87 Gb Free Space | 76,75% Space Free | Partition Type: NTFS
Drive E: | 611,51 Gb Total Space | 430,70 Gb Free Space | 70,43% Space Free | Partition Type: NTFS
Drive F: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SPIELE-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.09 15:41:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.09 01:09:04 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.10.20 14:59:18 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2009.07.14 12:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.09 15:41:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe
MOD - [2008.01.21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2006.11.02 13:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (dmdskres32)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.09 01:09:04 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 12:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.02.05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010.05.05 20:45:59 | 000,134,880 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\acedrv09.sys -- (acedrv09)
DRV:64bit: - [2009.12.09 01:09:04 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.28 23:05:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.07.28 23:05:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008.11.10 14:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.11.04 04:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2007.05.02 12:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2007.05.02 12:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV:64bit: - [2007.05.02 12:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010.09.09 17:16:11 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1002092311\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2009.10.31 22:48:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.10.31 22:48:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1002092311\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryBooster] E:\Programme\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] E:\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.25 06:16:57 | 000,000,046 | -H-- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{abc932a9-c620-11de-b8b2-00241d778f82}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{c8946f48-7acd-11de-88a6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8946f48-7acd-11de-88a6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010.05.25 06:16:57 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.09 17:05:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.09 15:44:44 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\Malwarebytes
[2010.09.09 15:44:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.09 15:44:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.09 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.09 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Desktop\MFTools
[2010.09.09 15:07:45 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\Uniblue
[2010.09.06 15:36:51 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Documents\AnyBizSoft PDF to Excel
[2010.08.26 14:36:10 | 000,000,000 | ---D | C] -- C:\Users\Gregor\SC2-WingsOfLiberty-deDE-Installer
[2010.08.26 14:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment.Trash
[2010.08.26 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Documents\StarCraft II
[2010.08.26 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.08.26 14:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.26 12:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.07.17 13:52:26 | 000,000,000 | R--D | C] -- C:\Users\Gregor\Documents\Notes
[2010.07.10 15:48:47 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\TrueCrypt
[2010.07.10 15:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010.07.10 15:47:46 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010.07.10 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TC
[2010.07.10 01:02:18 | 000,000,000 | -H-D | C] -- C:\Users\Gregor\Desktop\Neuer Ordner
[2010.06.26 17:39:03 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Documents\Two Worlds Demo Saves
[2010.06.23 20:09:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TVUAx
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.09 17:28:00 | 002,359,296 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat
[2010.09.09 17:23:04 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.09 17:23:04 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.09 17:23:04 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.09 17:23:04 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.09 17:23:04 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.09 17:15:59 | 000,104,870 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.09 17:15:58 | 000,104,870 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.09 17:15:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.09 17:15:51 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.09 17:15:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.09 17:15:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.09 17:15:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.09 17:14:19 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{0213cf52-5956-11df-879a-f399e269e40a}.TMContainer00000000000000000001.regtrans-ms
[2010.09.09 17:14:19 | 000,065,536 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{0213cf52-5956-11df-879a-f399e269e40a}.TM.blf
[2010.09.09 17:14:18 | 003,012,539 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.09 17:14:00 | 000,025,600 | ---- | M] () -- C:\Users\Gregor\Desktop\trojaner board.doc
[2010.09.09 17:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.09 16:43:10 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CE56365F-5978-48D9-BB02-71A69614019C}.job
[2010.09.09 15:40:26 | 000,388,197 | ---- | M] () -- C:\Users\Gregor\Desktop\Load.exe
[2010.09.05 18:27:25 | 000,137,728 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.26 14:37:19 | 000,000,691 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.26 12:37:16 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.24 15:13:41 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010.08.12 19:24:53 | 000,248,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.15 12:08:41 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010.07.10 15:47:46 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2010.07.05 14:19:18 | 000,054,304 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT
 
========== Files Created - No Company Name ==========
 
[2010.09.09 17:13:59 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\trojaner board.doc
[2010.09.09 15:39:58 | 000,388,197 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2010.08.26 14:23:04 | 000,000,691 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.06.16 19:08:22 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.16 19:08:21 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.05 20:45:59 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrv09.dll
[2010.05.05 20:45:35 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
[2009.11.28 00:29:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.11.28 00:27:38 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.23 01:01:47 | 000,000,034 | ---- | C] () -- C:\Users\***\AppData\Roaming\Spin Chat Preferences
[2009.10.24 14:48:48 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009.10.24 14:48:48 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.10.24 14:48:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.10.24 14:48:44 | 000,008,981 | ---- | C] () -- C:\Windows\HL-2030.INI
[2009.10.24 14:48:44 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2009.10.24 14:44:20 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.11 22:14:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.11 22:14:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.07 20:21:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.28 21:09:28 | 000,137,728 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.28 13:23:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.28 07:50:34 | 000,104,870 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.28 07:50:34 | 000,104,870 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.28 07:40:18 | 000,427,030 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI2CAE.txt
[2009.07.28 07:40:18 | 000,011,482 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI2CAE.txt
[2009.07.27 19:01:13 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.09.07 15:25:15 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\fd531474.dll
[2006.09.07 15:25:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\b1256b88.dll
[2006.09.07 15:25:14 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\f59a6503.dll
 
========== LOP Check ==========
 
[2010.04.30 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.03.15 19:52:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.03.31 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.09.12 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG
[2010.04.30 18:43:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound
[2009.11.28 00:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2009.10.31 22:48:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2010.07.14 17:03:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2010.08.26 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2010.09.09 15:07:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.02.09 19:38:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
[2010.09.09 17:14:20 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.09 16:43:10 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CE56365F-5978-48D9-BB02-71A69614019C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009.07.27 19:50:58 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009.07.28 13:26:59 | 000,000,197 | ---- | M] () -- C:\csb.log
[2010.09.09 17:15:15 | 312,020,990 | -HS- | M] () -- C:\pagefile.sys
[2009.07.28 13:24:31 | 000,002,517 | ---- | M] () -- C:\RHDSetup.log
[2010.09.09 17:16:16 | 000,000,124 | ---- | M] () -- C:\service.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 17:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 17:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 17:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.01.11 17:36:18 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.01.21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D282699C
< End of report >
         
--- --- ---

---OTL Logfile:
Code:
OTL Extras logfile created on: 09.09.2010 17:25:33 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\***\Desktop\MFTools
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 80,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70,00 Gb Total Space | 27,68 Gb Free Space | 39,54% Space Free | Partition Type: NTFS
Drive D: | 250,00 Gb Total Space | 191,87 Gb Free Space | 76,75% Space Free | Partition Type: NTFS
Drive E: | 611,51 Gb Total Space | 430,70 Gb Free Space | 70,43% Space Free | Partition Type: NTFS
Drive F: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SPIELE-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 0F F0 98 B9 E6 92 CA 01 [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71819375-FE6A-433E-B7BE-3104520A1B20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D993B515-8E91-420C-BF28-39C8AA812B9F}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D734D5-5B75-4C49-846F-1627BD6DDA21}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{13350270-032F-4F9E-89B6-E47BF6FB2B1A}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_dx9.exe | 
"{1A7C5F7B-92D3-4540-BE9A-B80F04FEA282}" = protocol=6 | dir=in | app=d:\supreme comander\supreme commander\bin\supremecommander.exe | 
"{1F9EC15C-1A12-4D0B-A463-DBCA2B32F1A7}" = protocol=17 | dir=in | app=d:\starcraft2\starcraft ii\starcraft ii.exe | 
"{26F52347-E104-4F1F-A44C-3C5B54D5D43A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{370AEE1D-CAAF-452C-B632-127F5F00FCB8}" = protocol=17 | dir=in | app=d:\supreme comander erweiterung\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{3AEA399A-E5C3-4DDE-92CE-9888CE4B141C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{3DF98D29-4816-4614-9B6E-39F2BD8BAE77}" = protocol=6 | dir=in | app=d:\supreme comander\gpgnet\gpg.multiplayer.client.exe | 
"{431DB875-8BA5-43FD-B093-3056734DBA09}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{5DD45ECE-B4D0-4B5C-A96D-90AC6309223E}" = protocol=17 | dir=in | app=d:\grid\grid.exe | 
"{5E16B1B8-85E5-4E67-BCCF-0AF22406FEA3}" = protocol=6 | dir=in | app=c:\users\gregor\appdata\local\temp\reinstal\pdf_converter[1].exe | 
"{5EDE89F1-A3A2-48C0-AFF7-1B16BD86E830}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_dx9.exe | 
"{64338DB1-2D88-40A7-BB74-0B0ABE4CC4E8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{6AA4370C-F9B4-42E1-9541-502EB7DAF623}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_launcher.exe | 
"{7F4B50D6-0363-48BA-98F2-F793DC505859}" = protocol=17 | dir=in | app=c:\users\gregor\appdata\local\temp\reinstal\pdf_converter[1].exe | 
"{95950C96-E293-46BB-A057-02CC26F174C7}" = protocol=17 | dir=in | app=c:\users\gregor\appdata\local\microsoft\windows\temporary internet files\content.ie5\3oqfmn1j\pdf_converter[1].exe | 
"{979F36A4-4058-4B57-90E0-C5226CEFC620}" = protocol=17 | dir=in | app=d:\supreme comander\gpgnet\gpg.multiplayer.client.exe | 
"{A6DBA8E9-992E-4C79-B1CE-1CDB657B6FD9}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_dx10.exe | 
"{AB4EEF44-81D2-4296-9148-2D3DAA5CCC74}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{AEE4A943-97E5-42B9-8E18-D368939372AB}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_dx10.exe | 
"{B5465092-6F16-4315-BF16-773D9874F0DD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{B7767BC2-8D4D-4AF5-ACC6-217238267FB5}" = protocol=17 | dir=in | app=d:\supreme comander\supreme commander\bin\supremecommander.exe | 
"{CD491796-AED1-4F80-A9CC-91E1EA26ACB8}" = protocol=6 | dir=in | app=d:\starcraft2\starcraft ii\starcraft ii.exe | 
"{D2BE9A9B-35A4-448A-9AB4-9D14291AECD7}" = protocol=6 | dir=in | app=c:\users\gregor\appdata\local\microsoft\windows\temporary internet files\content.ie5\3oqfmn1j\pdf_converter[1].exe | 
"{D2D4C8DA-3187-433E-AF1C-CAF54384DB58}" = protocol=6 | dir=in | app=d:\grid\grid.exe | 
"{DF70E898-E007-44E5-AF85-DA649141B493}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_launcher.exe | 
"{FAFA3482-B5DB-42F8-9D62-793150D1D7D1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{FB5B8AAC-C801-4BAA-890D-50966F5DE8BB}" = protocol=6 | dir=in | app=d:\supreme comander erweiterung\supreme commander - forged alliance\bin\forgedalliance.exe | 
"TCP Query User{1249D850-E467-4509-97D8-59E269E93990}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{5A29793A-5796-44AC-A53D-59B6C54AC593}E:\icq6.5\icq.exe" = protocol=6 | dir=in | app=e:\icq6.5\icq.exe | 
"TCP Query User{6BBAF800-143A-439D-A189-CF99C0E7F82F}E:\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule\emule.exe | 
"TCP Query User{C358539E-5146-47D8-8E6D-59A02B64E24C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{D94918EA-FDC7-41D9-865F-644901F80DF7}D:\starcraft2\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft2\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{1EC179B3-0C8D-4DC7-8A98-EB7289178B5C}E:\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule\emule.exe | 
"UDP Query User{4019D28F-97A2-46BB-89FC-637C7F8721B3}D:\starcraft2\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft2\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{9F0C0210-C9A2-4238-A239-972281672B95}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{A3FAB9C8-4600-42F9-97D6-4A36B08923BB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F95D013F-3153-4A92-A823-785A490AF89E}E:\icq6.5\icq.exe" = protocol=17 | dir=in | app=e:\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1 
"{0EF1489F-9264-4EE4-B26A-F82096FBFD63}" = Brother HL-2035
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}" = Guitar Pro 4
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D3E3F224-704C-4873-BA3E-0B8D3D4C59E8}" = Samsung PC Studio 3
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BewerbungsGenie 5_is1" = DATA BECKER BewerbungsGenie 5
"CCleaner" = CCleaner
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"G3QP231012008_is1" = Questpaket 3 Deinstallation
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Spin Upload" = Spin Upload 1.0
"StarCraft II" = StarCraft II
"TomTom HOME" = TomTom HOME 2.7.2.1825
"TrueCrypt" = TrueCrypt
"UnderCoverXP_is1" = UnderCoverXP 1.22
"VLC media player" = VLC media player 1.0.5
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.09.2010 06:08:35 | Computer Name = Spiele-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 07:44:41 | Computer Name = Spiele-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 08:08:35 | Computer Name = Spiele-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 08:27:19 | Computer Name = Spiele-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 09.09.2010 08:28:13 | Computer Name = Spiele-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 08:31:49 | Computer Name = Spiele-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 09:01:27 | Computer Name = Spiele-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 10:56:38 | Computer Name = Spiele-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.09.2010 10:59:19 | Computer Name = Spiele-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 11:16:57 | Computer Name = Spiele-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.09.2010 09:01:27 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 09.09.2010 09:48:51 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 09.09.2010 10:57:32 | Computer Name = Spiele-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
 
Error - 09.09.2010 10:59:20 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.09.2010 10:59:20 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 09.09.2010 11:14:12 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 09.09.2010 11:15:11 | Computer Name = Spiele-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
 
Error - 09.09.2010 11:16:58 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.09.2010 11:16:58 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.09.2010 11:16:58 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Old 09.09.2010, 21:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Old 09.09.2010, 22:21   #3
HalbesGB
 
Unfortunately the full scan doesn't work.
It stops responding at approx. 13182 files, runtime 1 min 55 sec.

Old 10.09.2010, 08:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Try a full scan in Safe Mode.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 10.09.2010, 14:23   #5
HalbesGB
 
I don't know what the reason is, but the file is suddenly gone. I ran an AntiVir scan and no viruses were found.


Old 11.09.2010, 12:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
I don't see the file in the OTL log either (anymore)...
As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!