Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.04.2013, 09:33   #1
dieter75
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Ausrufezeichen

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



Guten Morgen,
Ich habe heute früh meinen Rechner gestartet und bekam von GData die Meldung, dass die "vdeck.exe" eine Bedrohung darstellen würde. Ich habe die Datei in die Quarantäne verschoben und im Anschluss zwei vollständige Scans mit meinem Antiviren-Programm und Malware Bytes gemacht - ohne Fund!

Ich würde mich dennoch gerne vergewissern, ob mein System sauber oder kompromittiert ist und mich über jede Hilfe freuen!

MfG Dieter

MSINFO:
Code:
ATTFilter
Betriebssystemname	Microsoft Windows 7 Professional
Version	6.1.7601 Service Pack 1 Build 7601
Zusätzliche Betriebssystembeschreibung 	Nicht verfügbar
Betriebssystemhersteller	Microsoft Corporation
Systemname	MEIN-PC
Systemhersteller	System manufacturer
Systemmodell	System Product Name
Systemtyp	x64-basierter PC
Prozessor	Intel(R) Core(TM) i5 CPU         750  @ 2.67GHz, 2667 MHz, 4 Kern(e), 4 logische(r) Prozessor(en)
BIOS-Version/-Datum	American Megatrends Inc. 0602, 02.04.2010
SMBIOS-Version	2.6
Windows-Verzeichnis	C:\Windows
Systemverzeichnis	C:\Windows\system32
Startgerät	\Device\HarddiskVolume1
Gebietsschema	Deutschland
Hardwareabstraktionsebene	Version = "6.1.7601.17514"
Benutzername	Mein-PC\Admin
Zeitzone	Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM)	4,00 GB
Gesamter realer Speicher	3,99 GB
Verfügbarer realer Speicher	2,18 GB
Gesamter virtueller Speicher	7,98 GB
Verfügbarer virtueller Speicher	5,72 GB
Größe der Auslagerungsdatei	3,99 GB
Auslagerungsdatei	C:\pagefile.sys
         
OTL.txt:
Code:
ATTFilter
OTL logfile created on: 02.04.2013 08:50:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,70% Memory free
7,98 Gb Paging File | 5,66 Gb Available in Paging File | 70,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 383,24 Gb Total Space | 324,21 Gb Free Space | 84,60% Space Free | Partition Type: NTFS
Drive E: | 348,27 Gb Total Space | 270,15 Gb Free Space | 77,57% Space Free | Partition Type: NTFS
Drive F: | 199,92 Gb Total Space | 59,12 Gb Free Space | 29,57% Space Free | Partition Type: NTFS
 
Computer Name: MEIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.02 08:44:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2013.01.09 14:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 18:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.11.29 06:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.11.29 05:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 05:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009.11.24 15:25:28 | 001,874,432 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
PRC - [2009.11.17 20:42:26 | 005,821,952 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009.10.26 15:58:00 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.10.16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.09.23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009.08.28 12:36:28 | 000,075,048 | R--- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
PRC - [2009.08.19 16:44:56 | 000,603,136 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009.07.16 21:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- E:\Programme\CyberLink\PowerDVD\PowerDVD8\PDVD8Serv.exe
PRC - [2006.03.06 17:15:42 | 000,289,792 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.10.26 14:52:44 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\TVOCLIB.DLL
MOD - [2009.09.30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.04.29 14:24:44 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\pngio.dll
MOD - [2009.04.29 14:24:44 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\AiNap.dll
MOD - [2009.04.29 14:24:44 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\vvc.dll
MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2008.12.10 20:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.12 08:53:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.29 06:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.11.29 06:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 05:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 05:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.10.16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.24 16:26:09 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.23 20:00:43 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.23 20:00:20 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.23 20:00:20 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.23 20:00:20 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.17 20:30:35 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.24 04:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2008.10.24 04:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2007.12.11 04:49:54 | 000,026,624 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.08.28 19:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/12/30 17:51:05] [Kernel | Auto | Running] -- E:\Programme\CyberLink\PowerDVD\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 0E D1 1F 8E 2E CE 01  [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {CC1BD109-16A5-4b7b-A022-21E180FAFB8B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{70A910A8-CEF4-47a1-B3A2-F42E42625189}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{CC1BD109-16A5-4b7b-A022-21E180FAFB8B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 08:53:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 08:53:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.04.24 01:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Lookup Companion for Wikipedia = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\1.9.0_0\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] E:\Programme\CyberLink\PowerDVD\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RemoteControl8] E:\Programme\CyberLink\PowerDVD\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F62A7B0D-E810-4F3E-945A-FC2343872B53}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe) - c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.02 08:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.04.01 05:10:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.04.01 02:53:01 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.03.28 16:30:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\NVIDIA
[2013.03.28 16:28:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2013.03.13 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\A&B
[2013.03.12 08:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.02 08:48:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2399056518-580786342-4058147308-1000UA.job
[2013.04.02 08:47:10 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.04.02 08:46:03 | 000,377,856 | ---- | M] () -- C:\Users\Admin\Desktop\gmer_2.1.19155.exe
[2013.04.02 08:45:57 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2013.04.02 08:44:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.04.02 08:40:31 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.04.02 07:30:18 | 000,003,466 | ---- | M] () -- C:\Users\Admin\Documents\G Data Protokoll ID 1881.html
[2013.04.02 07:09:51 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2399056518-580786342-4058147308-1000Core.job
[2013.04.02 07:09:09 | 001,029,122 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.04.02 07:09:09 | 000,053,588 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.02 07:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 02:59:43 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 02:59:43 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 02:59:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.01 02:59:31 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.01 02:59:31 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.01 02:59:31 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.01 02:59:31 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 02:52:26 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.29 18:33:51 | 000,413,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.02 08:47:10 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.04.02 08:46:02 | 000,377,856 | ---- | C] () -- C:\Users\Admin\Desktop\gmer_2.1.19155.exe
[2013.04.02 08:45:57 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2013.04.02 07:30:18 | 000,003,466 | ---- | C] () -- C:\Users\Admin\Documents\G Data Protokoll ID 1881.html
[2013.03.29 18:33:41 | 000,413,656 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.14 15:26:30 | 001,029,122 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.04.14 04:32:07 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg
[2012.04.13 21:59:17 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.04.13 21:59:17 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.04.13 21:59:13 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.04.13 21:59:13 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.04.13 21:53:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.04.13 21:53:50 | 000,027,011 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.30 19:53:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2012.06.14 01:21:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2012.05.13 00:24:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Kalypso Media
[2012.07.18 06:24:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.04.24 01:18:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2012.05.13 08:07:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 4
[2013.04.02 08:46:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 02.04.2013 08:50:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,70% Memory free
7,98 Gb Paging File | 5,66 Gb Available in Paging File | 70,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 383,24 Gb Total Space | 324,21 Gb Free Space | 84,60% Space Free | Partition Type: NTFS
Drive E: | 348,27 Gb Total Space | 270,15 Gb Free Space | 77,57% Space Free | Partition Type: NTFS
Drive F: | 199,92 Gb Total Space | 59,12 Gb Free Space | 29,57% Space Free | Partition Type: NTFS
 
Computer Name: MEIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BDF206-8A96-4F5F-A836-4FBD15820A9B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0439562E-050C-4E5A-A858-928449532220}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0501784A-8BB2-44DD-B8FE-E26869E8F2D3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{12AEE8C7-71A9-48E1-A4F7-638B719A3D23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13FBB938-6C0C-4590-A0E8-AA64CBE4AA60}" = lport=138 | protocol=17 | dir=in | app=system | 
"{203B5EFE-5CCE-4DD9-A251-88BF263BB93A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{24FE545A-67FD-4C21-B068-2D6FEDEA86B2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3033B04B-7DBF-4251-8907-DC148A2E4E58}" = lport=139 | protocol=6 | dir=in | app=system | 
"{319D528B-270B-4839-8A37-07C438DEFD1A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34CE5A88-A39E-46FE-B7EF-B5F291F3AD2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{38E42E88-D4A9-4411-BF02-C06DAE3FE182}" = lport=137 | protocol=17 | dir=in | app=system | 
"{532122EA-DDC1-48E2-A1A6-C64921BA03A1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{804BC2E3-E795-469B-84F6-6C7D7298334F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CD227EE-47CF-4C35-8B0B-9568BB731F1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8FB498A3-F309-43C8-BDAA-D972BDE57892}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9EB2E485-50F4-4BE3-8690-BFD3C0CF36B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1000346-5676-47D2-A389-1BCCC2F94475}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B2D2AE26-E660-4473-9CEA-3D77269A51CF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B3D6632E-8BCA-443C-926B-527C64CBCA96}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B83CE99B-FCE2-4A75-B839-01E130CED017}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E21FCFC6-D4E4-44E1-9D7D-41148B564620}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2CB9188-84BC-42C5-B7DD-611433B316D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F70C9EA3-6890-437F-8673-5D247BA1C37B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE72574E-D1E1-44BF-8608-7BB3A75CACF9}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A14D35-DB73-4866-8FAB-DE8873CE4392}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{037DF8CB-05A9-4740-AA98-2FCCB4C75B2F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AC87838-5EC7-486B-BE3E-9FCC3A41A177}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0C5D5034-5628-4703-BB06-4218D5A184FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1265577D-04C8-49D2-ADB2-AFD434E15A63}" = protocol=6 | dir=in | app=e:\programme\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1265ADF5-8B6C-4330-85D4-CE1675750590}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{14B4D34E-E4C8-400D-9C7E-276F70B036DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1D093884-BF00-45B8-9B0F-6A33B442B66A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{21333F91-FD37-4F10-8C1F-A6A9105BC0C0}" = protocol=6 | dir=in | app=c:\program files (x86)\opera next\pluginwrapper\opera_plugin_wrapper.exe | 
"{2311AEA6-DB68-4542-98F7-021DF36D2481}" = protocol=6 | dir=in | app=e:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{2341B776-C16E-446C-91B5-D6E92584E0FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2CCE14D4-831E-417B-82A2-7D0BF0C39F41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F3362C3-AFA0-4B34-8401-6E9A6AA41B7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{323ABC73-8250-4D8E-894C-0E1731511099}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{332C8ADA-81C0-424D-89FC-2C9F89862927}" = dir=in | app=e:\programme\cyberlink\powerdvd\powerdvd8\powerdvd8.exe | 
"{34803270-0001-4DEE-9BDC-492F9E918688}" = dir=in | app=e:\programme\itunes\itunes.exe | 
"{3EDE7CD6-4A52-4E72-85C1-F83B92E87323}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FFB25D6-A7DE-4915-A7FE-C38DAF4A8519}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4342C4ED-CE81-4B55-AC9C-893244FEFB02}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{54E71F1C-6A09-4790-8396-3104115EE6DA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera next\opera.exe | 
"{58511B65-392F-4F74-86B5-394E944CFD4C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B369916-FF2C-402A-9611-67B2D6C56F6B}" = protocol=6 | dir=out | app=system | 
"{5BB36B64-878E-454B-894C-073BD0885455}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{5BFAAE6B-7B24-4BCC-9A40-A9CF8E5A38BF}" = protocol=17 | dir=in | app=e:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{6467D949-4035-481B-AF50-DB7178957733}" = protocol=17 | dir=in | app=e:\programme\steam\steam.exe | 
"{678C363A-9DF4-4AD6-B007-B2465530F9AE}" = protocol=6 | dir=in | app=e:\programme\steam\steam.exe | 
"{6A600871-5DFA-4A7B-9F48-3738DB4D3A2B}" = protocol=6 | dir=in | app=e:\programme\valve\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{81734D2F-BEFF-46D3-9659-DD9F81458375}" = protocol=17 | dir=in | app=c:\program files (x86)\opera next\pluginwrapper\opera_plugin_wrapper.exe | 
"{84D9C49A-50FC-4A7E-BBA8-7803E1DF5A01}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{8A9D73F2-B077-4751-9B54-9F01C4DEC0D6}" = protocol=17 | dir=in | app=e:\programme\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9CD8CE1E-EB23-42FF-8190-9588FD0C369E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A20587FC-7203-44B8-9A39-FD26FC69B749}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3B0ED30-1CDE-4E91-A40A-DFCE942A126D}" = protocol=17 | dir=in | app=e:\programme\valve\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A64F656B-7F7A-4738-A4E5-829385427F62}" = protocol=6 | dir=in | app=e:\programme\steam\steamapps\common\hitman absolution\hma.exe | 
"{ABD959E9-6361-415F-8866-163FAEA61417}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AE34F687-671B-4FF7-9165-41419848BEE0}" = protocol=6 | dir=in | app=e:\programme\valve\steam\steam.exe | 
"{AE7A944F-A6D0-4647-BBC4-E0CC5EF85F5F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera next\opera.exe | 
"{B1C181D7-7678-42D1-B212-DF31F4453DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B563B0F0-FC75-4DAC-9CD4-4EB05378BE2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B8BA6FA3-56AC-4199-93BA-B012A97902E8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BAD05AED-4884-4978-A2A8-EA7C8431C182}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{C772D936-0E37-4D51-927D-DDB3B7F73659}" = protocol=6 | dir=in | app=e:\programme\valve\steam\steamapps\chaos0000\counter-strike source\hl2.exe | 
"{CF148341-4BD4-4B30-868A-9B1F8126CFDC}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{D3A4F31A-9C74-4736-9BB9-930606F8DB48}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DBA7EB9C-E2DA-46C7-9384-F68447E10BB7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DFDA151A-B696-47DC-A4A9-70CE58ECC488}" = protocol=17 | dir=in | app=e:\programme\steam\steamapps\common\hitman absolution\hma.exe | 
"{E4E43E56-D423-4E8A-9F90-391C0E20FCC0}" = protocol=17 | dir=in | app=e:\programme\valve\steam\steamapps\chaos0000\counter-strike source\hl2.exe | 
"{E7FEE0CD-09B3-4432-B245-C778CD262E67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE58316A-C566-42C6-B756-AAE08529E260}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F70AC08C-EE79-47E9-9D8A-DD0CE60030DE}" = protocol=17 | dir=in | app=e:\programme\valve\steam\steam.exe | 
"{FD4B544C-8379-490E-A5F1-EF6E7E3306B7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{57BB2B25-A8CA-440E-A258-8EE66822B1DF}E:\programme\valve\steam\steamapps\chaos0000\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=e:\programme\valve\steam\steamapps\chaos0000\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{8A0F9D3E-36C0-4CF6-9DBB-BA8F5CEEFCCC}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{A69BDED4-1410-4E48-B96D-9E1EBD0E7C7A}E:\programme\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=e:\programme\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"UDP Query User{45AE62B6-97D2-4AD4-BFCB-49B3275C3457}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{85C3F5E0-3CA8-453D-9267-C358B5E7C514}E:\programme\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=e:\programme\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"UDP Query User{9F3F6D51-8902-428B-B6DF-DA90C1A137FE}E:\programme\valve\steam\steamapps\chaos0000\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=e:\programme\valve\steam\steamapps\chaos0000\half-life 2 deathmatch\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300" = Canon iP5300
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.5.6366 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3705C708-1B8A-43A3-8E94-6BAB33A3384B}" = Logitech G-series Keyboard Software
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Canon iP5300 Benutzerregistrierung" = Canon iP5300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"Diablo III" = Diablo III
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"FileHippo.com" = FileHippo.com Update Checker
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Thunderbird 17.0.4 (x86 en-US)" = Mozilla Thunderbird 17.0.4 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.50.1497" = Opera Next 12.50 internal build 1497
"PROHYBRIDR" = 2007 Microsoft Office system
"ShapeCollage" = Shape Collage
"Steam App 203140" = Hitman: Absolution
"Steam App 240" = Counter-Strike: Source
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"ZOTAC FireStorm" = ZOTAC FireStorm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.03.2013 14:28:42 | Computer Name = Mein-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 26.03.2013 14:28:42 | Computer Name = Mein-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 26.03.2013 14:28:42 | Computer Name = Mein-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 26.03.2013 14:28:48 | Computer Name = Mein-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 26.03.2013 14:28:48 | Computer Name = Mein-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 26.03.2013 14:28:48 | Computer Name = Mein-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 26.03.2013 14:28:48 | Computer Name = Mein-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 27.03.2013 15:37:08 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_NvUpdt.dll, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0  Name des fehlerhaften Moduls: msvcrt.dll,
 Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f  Ausnahmecode: 0x40000015  Fehleroffset:
 0x000000000002a84e  ID des fehlerhaften Prozesses: 0x1030  Startzeit der fehlerhaften
 Anwendung: 0x01ce2b2273cfe317  Pfad der fehlerhaften Anwendung: C:\Windows\System32\rundll32.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll  Berichtskennung: b59ceac8-9715-11e2-b000-485b39d3b2fa
 
Error - 02.04.2013 01:04:19 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2013 01:04:29 | Computer Name = Mein-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 72352796
 
[ System Events ]
Error - 18.03.2013 07:19:58 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 18.03.2013 07:19:58 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 18.03.2013 15:03:23 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Secunia Update Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 18.03.2013 15:05:30 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 18.03.2013 15:05:30 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 19.03.2013 03:47:39 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Secunia Update Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 19.03.2013 03:49:48 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 19.03.2013 03:49:48 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 19.03.2013 09:22:02 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 19.03.2013 09:22:02 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
Gmer.txt:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-02 09:22:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD10EARS-00Z5B1 rev.80.00A80 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxldypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\DllHost.exe[5908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077041465 2 bytes [04, 77]
.text   C:\Windows\SysWOW64\DllHost.exe[5908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000770414bb 2 bytes [04, 77]
.text   ...                                                                                             * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\spoolsv.exe [1556:2348]                                                     000007fef79f10c8
Thread  C:\Windows\System32\spoolsv.exe [1556:2356]                                                     000007fef79b6144
Thread  C:\Windows\System32\spoolsv.exe [1556:2360]                                                     000007fef77a5fd0
Thread  C:\Windows\System32\spoolsv.exe [1556:2364]                                                     000007fef7793438
Thread  C:\Windows\System32\spoolsv.exe [1556:2368]                                                     000007fef77a63ec
Thread  C:\Windows\System32\spoolsv.exe [1556:2376]                                                     000007fef7a85e5c
Thread  C:\Windows\system32\taskhost.exe [3044:3408]                                                    000007fefb2e1010
Thread  C:\Windows\System32\svchost.exe [4696:1764]                                                     000007fee9d79688
Thread  C:\Windows\system32\DllHost.exe [5328:6668]                                                     000007fef8a2e8c4

---- EOF - GMER 2.1 ----
         
Danke nochmal im Voraus für Ihre Hilfe!

Alt 02.04.2013, 09:43   #2
t'john
/// Helfer-Team
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?





sieht nach Falschmeldung aus.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


dann:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 02.04.2013, 09:52   #3
dieter75
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



Hallo,
Man soll sich ja bei Fragen direkt melden:
MBAR hat gerade nichts gefunden und somit kam auch kein CleanUp Button. Soll ich den Rechner jetzt dennoch rebooten bevor ich mit AdwCleaner weitermache?

Logfile:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 0.00.0.0000
www.malwarebytes.org

Database version: v0000.00.00.00

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: MEIN-PC [administrator]

02.04.2013 09:49:13
mbar-log-2013-04-02 (09-49-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 22290
Time elapsed: 1 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
__________________

Alt 02.04.2013, 10:19   #4
t'john
/// Helfer-Team
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



ja, kannst du so machen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.04.2013, 10:27   #5
dieter75
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



Super

Adw Cleaner Log:
Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 02/04/2013 um 10:22:51 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Admin - MEIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [771 octets] - [02/04/2013 10:22:51]

########## EOF - C:\AdwCleaner[S1].txt - [830 octets] ##########
         


Alt 02.04.2013, 10:32   #6
t'john
/// Helfer-Team
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



Alles prima.

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
--> vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?

Alt 02.04.2013, 10:38   #7
dieter75
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



checkup.txt

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.59  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
G Data InternetSecurity 2013   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Thunderbird (17.0.4) 
 Google Chrome 25.0.1364.172  
 Google Chrome 26.0.1410.43  
````````Process Check: objlist.exe by Laurent````````  
 G Data InternetSecurity Firewall GDFwSvcx64.exe 
 G Data InternetSecurity Firewall GDFirewallTray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 02.04.2013, 11:12   #8
t'john
/// Helfer-Team
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



Sehr gut!

Du bist sauber und entlassen!


Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.04.2013, 11:18   #9
dieter75
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



Vielen Dank Doc

Eine Frage noch: Muss ich bevor ich delfix starte noch bei Defogger auf Re-Enable klicken oder übernimmt das delfix für mich?

Ich werde danach mal die Lektüre abarbeiten und hoffe, dass ich die Dienste nicht allzu schnell wieder in Anspruch nehmen muss

Nochmals vielen Dank und einen schönen Tag
Dieter

Alt 02.04.2013, 12:48   #10
t'john
/// Helfer-Team
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



Zitat:
Muss ich bevor ich delfix starte noch bei Defogger auf Re-Enable klicken oder übernimmt das delfix für mich?
ja vorher! wieder reenablen und dann delfix

wuensche eine virenfreie Zeit
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.04.2013, 20:21   #11
dieter75
 
vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Standard

vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?



Danke gleichfalls!

Antwort

Themen zu vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?
adblock, adobe reader xi, antiviren-programm, antivirus, autorun, battle.net, bho, bonjour, browser, dllhost.exe, down, error, firefox, flash player, helper, homepage, install.exe, launch, logfile, malware, malware bytes, mozilla, office 2007, panda usb vaccine, realtek, registry, rundll, security, software, svchost.exe, system, taskhost.exe, teamspeak, usb, vdeck.exe, windows, wrapper



Ähnliche Themen: vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?


  1. Win7: Avast meldet Bedrohung durch URL:Mal
    Log-Analyse und Auswertung - 28.03.2015 (12)
  2. Trojanerverdacht, Avast meldet Bedrohung
    Plagegeister aller Art und deren Bekämpfung - 16.02.2015 (15)
  3. Windows 8.1 Avast meldet beim Systemstart eine Bedrohung. Was tun?
    Log-Analyse und Auswertung - 05.02.2015 (15)
  4. Winpatrol meldet Powercfg als bedrohung?
    Plagegeister aller Art und deren Bekämpfung - 29.12.2014 (5)
  5. Avast meldet Bedrohung gefunden, doch findet nix
    Plagegeister aller Art und deren Bekämpfung - 10.12.2014 (10)
  6. Avast meldet eine Bedrohung : Win32:Evo-gen
    Plagegeister aller Art und deren Bekämpfung - 09.11.2014 (12)
  7. MBAM meldet Bedrohung
    Plagegeister aller Art und deren Bekämpfung - 04.11.2014 (3)
  8. Avast meldet eventuelle Bedrohung
    Plagegeister aller Art und deren Bekämpfung - 09.10.2014 (9)
  9. Avast meldet ununterbrochen Bedrohung durch win32:BrowseFox-C[PUP]
    Plagegeister aller Art und deren Bekämpfung - 17.08.2014 (7)
  10. Avast meldet Bedrohung LNK:Jenxcus-A [Trj]
    Log-Analyse und Auswertung - 11.08.2014 (11)
  11. vdeck.exe unbekannte Bedrohung! Ist mein System kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 07.08.2014 (6)
  12. Avast meldet Bedrohung bei jeder Seite die geöffnet wird
    Log-Analyse und Auswertung - 02.04.2014 (7)
  13. Windows 8 - avast! meldet Bedrohung wegen Gutscheinfilters
    Plagegeister aller Art und deren Bekämpfung - 15.11.2013 (3)
  14. avast meldet Bedrohung, Rechner langsam
    Log-Analyse und Auswertung - 20.06.2013 (9)
  15. Avast meldet plötzlich Bedrohung
    Plagegeister aller Art und deren Bekämpfung - 30.11.2012 (1)
  16. avast! meldet Bedrohung: Win32:rootkit-gen [Rtk]
    Log-Analyse und Auswertung - 03.12.2010 (3)
  17. G-Data meldet ...
    Plagegeister aller Art und deren Bekämpfung - 11.04.2008 (1)

Zum Thema vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? - Guten Morgen, Ich habe heute früh meinen Rechner gestartet und bekam von GData die Meldung, dass die "vdeck.exe" eine Bedrohung darstellen würde. Ich habe die Datei in die Quarantäne verschoben - vdeck.exe G Data meldet Bedrohung (Keylogger) - fp?...
Archiv
Du betrachtest: vdeck.exe G Data meldet Bedrohung (Keylogger) - fp? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.