| Log analysis and evaluation: TR/Crypt.ZPACK.Gen2 (Windows 7). If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. | 
|  03.04.2012, 17:36 | #1 | 
|  |   TR/Crypt.ZPACK.Gen2 Hello, I have the following problem on my computer. After every restart I get the following detection from Avira in the file C:\Windows\System32\jpgvnfv5.dll: TR/Crypt.ZPACK.Gen2. The DDS scan returned the following: DDS.txt Code: 
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19190  BrowserJavaVersion: 1.6.0_31
Run by Joe at 17:32:43 on 2012-04-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1633 [GMT 2:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fraps\fraps.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = about:blank
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
uWindow Title = Microsoft Internet Explorer
mStart Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = fritz.box;local;*.local
uURLSearchHooks: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
mURLSearchHooks: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
TB: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [AVMWlanClient] c:\program files\avmwlanstick\wlangui.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} - hxxp://www.n2030.com/atlas_activex.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1D42570E-8085-4D83-A283-A99C07E67A2D} : DhcpNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u6t2bqpz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\downloader\npdd.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\joe\appdata\local\octoshape\octoshape streaming services\octoprogram-l03-nms0810164_sua_900\npoctoshape.dll
FF - plugin: c:\users\joe\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-10-23 40840]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-25 207280]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-27 36000]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-10-23 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-10-23 81288]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-27 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-27 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-25 74640]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-24 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-3 652360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-16 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-10-23 358600]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-10-23 1141200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [2009-2-4 419328]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-3 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-6 122984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-6 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-6-5 4352]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-6 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2012-04-03 12:25:05	--------	d-----w-	c:\users\joe\appdata\roaming\Malwarebytes
2012-04-03 12:24:30	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-03 12:24:29	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-03 12:24:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-03 12:22:46	6582328	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{db5733e7-224a-4a95-b844-2ec494534e7d}\mpengine.dll
2012-04-01 18:06:05	--------	d-----w-	c:\users\joe\appdata\roaming\.minecraft
2012-04-01 08:12:15	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-03-30 20:57:56	--------	d-----w-	c:\windows\system32\xlive
2012-03-30 20:57:35	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2012-03-24 08:19:08	463872	----a-w-	c:\windows\system32\ntqe0mnu.sys
2012-03-18 08:46:07	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 08:46:07	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-14 17:09:55	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 17:09:53	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 17:09:53	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 17:09:53	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 17:09:53	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 17:09:53	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 17:09:51	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2012-03-14 11:30:38	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 11:30:38	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M  ====================
.
2012-04-01 18:12:57	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-01 09:04:07	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-23 08:11:00	221184	----a-w-	c:\windows\system32\aptws6t6e.dll
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
.
         Attach.txt Code: 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22.10.2008 23:24:25
System Uptime: 03.04.2012 17:06:00 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5B
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 263,842 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP854: 09.03.2012 15:54:14 - Windows Update
RP855: 13.03.2012 13:43:27 - Windows Update
RP856: 15.03.2012 08:54:32 - Windows Update
RP857: 16.03.2012 11:42:38 - Windows Update
RP858: 19.03.2012 03:10:12 - Geplanter Prüfpunkt
RP859: 20.03.2012 08:21:41 - Windows Update
RP860: 23.03.2012 09:12:10 - Windows Update
RP861: 27.03.2012 15:08:18 - Windows Update
RP862: 30.03.2012 12:51:00 - Geplanter Prüfpunkt
RP863: 30.03.2012 13:30:27 - Windows Update
RP864: 30.03.2012 22:52:09 - DirectX wurde installiert
RP865: 30.03.2012 22:57:58 - DirectX wurde installiert
RP866: 01.04.2012 20:09:41 - Removed Java(TM) 6 Update 31
RP867: 01.04.2012 20:12:36 - Installed Java(TM) 6 Update 31
RP868: 03.04.2012 14:21:44 - Windows Update
RP869: 03.04.2012 17:01:33 - Removed UltraEdit 15.10
RP870: 03.04.2012 17:02:54 - Removed UltraCompare v6.30
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.5.0 - Deutsch
Age of Empires Online
AliceHilfe
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
AVM FRITZ!WLAN
Bonjour
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series Benutzerregistrierung
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
CDDRV_Installer
DAoC Portal
Dark Age of Camelot
DivX-Setup
Downloader
Fraps
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
KhalInstallWrapper
League of Legends
Logitech GamePanel Software 3.06.109
Logitech SetPoint
Malwarebytes Anti-Malware Version 1.60.1.1000
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 de)
NVIDIA 3D Vision Treiber 266.58
NVIDIA Grafiktreiber 266.58
NVIDIA HD-Audiotreiber 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 266.58
OpenOffice.org 3.0
Opera 11.11
Pando Media Booster
PVSonyDll
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Toolbars
Skype™ 4.2
SopCast 3.2.4
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Doctor 7.0
Steam
System Requirements Lab
TeamSpeak 3 Client
Terraria
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Veetle TV
Ventrilo Client
Vista Codec Package
VoiceOver Kit
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Mobile-Gerätecenter
Windows Mobile-Ressourcen
Windows Mobile Device Center Driver Update
WinRAR
ZoneAlarm-Sicherheit Toolbar
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== End Of File =========================== | 
|  04.04.2012, 09:53 | #2 | 
| /// Malware-holic       |   TR/Crypt.ZPACK.Gen2 hi, if you do not have it yet, please download OTL by Oldtimer and save it to your desktop. 
 Code: 
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
 
 | 
|  04.04.2012, 12:15 | #3 | 
|  |   TR/Crypt.ZPACK.Gen2 Both files are attached. | 
|  04.04.2012, 15:49 | #4 | 
| /// Malware-holic       |   TR/Crypt.ZPACK.Gen2 hi, this script and any scripts that follow are only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
[CODE]
:OTL
SRV - [2012.03.23 10:11:00 | 000,221,184 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\System32\aptws6t6e.dll -- (LanmanWorkstation)
[2012.03.24 10:19:08 | 000,463,872 | ---- | C] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqe0mnu.sys
:Files
C:\Windows\System32\aptws6t6e.dll
C:\Windows\System32\jpgvnfv5.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the  + E key. 
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. | 
|  04.04.2012, 16:07 | #5 | 
|  |   TR/Crypt.ZPACK.Gen2 Document: Code: 
All processes killed
Error: Unable to interpret <[CODE]> in the current context!
========== OTL ==========
Error: Unable to stop service LanmanWorkstation!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully.
C:\Windows\System32\aptws6t6e.dll moved successfully.
C:\Windows\System32\ntqe0mnu.sys moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\aptws6t6e.dll not found.
File\Folder C:\Windows\System32\jpgvnfv5.dll not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 41620 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Joe
->Flash cache emptied: 3128401 bytes
 
User: Public
 
Total Flash Files Cleaned = 3,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Joe
->Temp folder emptied: 1982379 bytes
->Temporary Internet Files folder emptied: 1957015 bytes
->Java cache emptied: 22856305 bytes
->FireFox cache emptied: 1149701681 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 97112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 1412956 bytes
RecycleBin emptied: 328656 bytes
 
Total Files Cleaned = 1.124,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 04042012_165646
Files\Folders moved on Reboot...
C:\Users\Joe\AppData\Local\Temp\~DF5BE0.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT06a9e.TMP not found!
Registry entries deleted on Reboot...
         Upload of the ZIP was successful. | 
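Added example (not part of the thread and not OTL's own code): a small Python check that reconciles the file paths named in the fix script from post #4 with the outcomes recorded in the OTL log from post #5. The function names and status labels are assumptions made for this illustration; the two sample strings are excerpts copied from those posts.

```python
import re

# Excerpts copied from the fix script (post #4) and the OTL result log (post #5).
FIX_SCRIPT = r"""
:OTL
SRV - [2012.03.23 10:11:00 | 000,221,184 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\System32\aptws6t6e.dll -- (LanmanWorkstation)
[2012.03.24 10:19:08 | 000,463,872 | ---- | C] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqe0mnu.sys
:Files
C:\Windows\System32\aptws6t6e.dll
C:\Windows\System32\jpgvnfv5.dll
:Commands
[purity]
"""

FIX_LOG = r"""
========== OTL ==========
Error: Unable to stop service LanmanWorkstation!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully.
C:\Windows\System32\aptws6t6e.dll moved successfully.
C:\Windows\System32\ntqe0mnu.sys moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\aptws6t6e.dll not found.
File\Folder C:\Windows\System32\jpgvnfv5.dll not found.
========== COMMANDS ==========
"""

# In an :OTL line the path follows "-- " and may be followed by " -- (ServiceName)".
OTL_LINE_PATH = re.compile(r"-- ([A-Za-z]:\\.+?)(?: -- \(.*\))?$")
MOVED = re.compile(r"^([A-Za-z]:\\.+?) moved successfully\.$")
NOT_FOUND = re.compile(r"^File\\Folder ([A-Za-z]:\\.+?) not found[.!]$")


def script_targets(script):
    """Return the file paths a fix script names, in order, without duplicates."""
    section, seen, targets = None, set(), []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
            continue
        if section == ":files":
            path = line
        elif section == ":otl":
            match = OTL_LINE_PATH.search(line)
            if not match:
                continue
            path = match.group(1)
        else:
            continue  # :Commands entries carry no file targets
        if path.lower() not in seen:  # Windows paths compare case-insensitively
            seen.add(path.lower())
            targets.append(path)
    return targets


def log_outcomes(log):
    """Map each lower-cased path in the log to the set of outcomes reported for it."""
    outcomes = {}
    for raw in log.splitlines():
        line = raw.strip()
        for status, pattern in (("moved", MOVED), ("not_found", NOT_FOUND)):
            match = pattern.match(line)
            if match:
                outcomes.setdefault(match.group(1).lower(), set()).add(status)
    return outcomes


def reconcile(script, log):
    """Give one status per script target: moved, not_found or unreported."""
    outcomes = log_outcomes(log)
    report = {}
    for path in script_targets(script):
        seen = outcomes.get(path.lower(), set())
        if "moved" in seen:
            # A later "not found" for the same path only means it was already moved.
            report[path] = "moved"
        elif "not_found" in seen:
            report[path] = "not_found"
        else:
            report[path] = "unreported"
    return report


def log_errors(log):
    """Return the text of every 'Error:' line so failures are not overlooked."""
    prefix = "Error: "
    return [l.strip()[len(prefix):] for l in log.splitlines()
            if l.strip().startswith(prefix)]


if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:10} {path}")
    for err in log_errors(FIX_LOG):
        print("error     ", err)
```

On the posted data, aptws6t6e.dll and ntqe0mnu.sys come back as moved, while jpgvnfv5.dll, the file named in the Avira alert in post #1, comes back as not_found, so this log does not show that file being moved.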
|  04.04.2012, 16:34 | #6 | |
| /// Malware-holic       |   TR/Crypt.ZPACK.Gen2 thanks. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - Save Combofix to your desktop. 
 When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote: 
 | 
|  05.04.2012, 19:29 | #7 | 
|  |   TR/Crypt.ZPACK.Gen2 Result: Code: 
ComboFix 12-04-04.02 - Joe 05.04.2012  20:04:16.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1786 [GMT 2:00]
ausgeführt von:: c:\users\Joe\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-05 bis 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 18:17 . 2012-04-05 18:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-04 14:56 . 2012-04-04 15:09	--------	d-----w-	C:\_OTL
2012-04-04 11:13 . 2012-04-04 11:13	--------	d-----w-	c:\program files\7-Zip
2012-04-03 12:25 . 2012-04-03 12:25	--------	d-----w-	c:\users\Joe\AppData\Roaming\Malwarebytes
2012-04-03 12:24 . 2012-04-03 12:24	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-03 12:24 . 2012-04-03 12:24	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-03 12:24 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-03 12:22 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB5733E7-224A-4A95-B844-2EC494534E7D}\mpengine.dll
2012-04-01 18:06 . 2012-04-01 18:33	--------	d-----w-	c:\users\Joe\AppData\Roaming\.minecraft
2012-04-01 08:12 . 2012-04-01 09:04	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-03-30 20:57 . 2012-03-30 20:57	--------	d-----w-	c:\windows\system32\xlive
2012-03-30 20:57 . 2012-03-30 20:57	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2012-03-18 08:46 . 2012-03-18 08:46	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 08:46 . 2012-03-18 08:46	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 17:09 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 17:09 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 17:09 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 17:09 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 17:09 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 17:09 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 17:09 . 2012-01-31 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 11:30 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 11:30 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 18:12 . 2010-05-03 03:53	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-01 09:04 . 2011-06-13 18:58	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-30 21:32 . 2009-08-18 09:30	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-03-30 21:32 . 2009-08-18 09:24	19352	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2009-10-02 23:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 12:04 . 2011-10-27 13:18	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-18 08:46 . 2011-05-03 12:32	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49	176936	----a-w-	c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2008-09-05 1794048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-23 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:04]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 21:33]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = fritz.box;local;*.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} - hxxp://www.n2030.com/atlas_activex.dll
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\u6t2bqpz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
------- Dateityp-Verknüpfung -------
.
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-05 20:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Joe\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1769992358-4173282101-2793672938-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,1e,1a,99,eb,7c,53,73,cb,3b,b7,62,6f,c3,0b,fb,79,48,d3,3f,de,
   02,3b,a2,e9,ed,fe,46,49,52,82,19,40,9b,ac,5c,32,62,52,b0,0b,cc,3e,b3,9a,91,\
"rkeysecu"=hex:ce,68,c6,9b,01,0e,5d,78,c2,08,f6,59,5a,ce,37,1b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0aece2c2-be98-4b72-9e75-6830eb9a51e3}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11020054
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{34407e69-1570-4998-8bd0-4bc9d653ce4e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001d60
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5fca2b8b-e872-4c27-b048-356d06ad3c2f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f00184d
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7ae3005f-0163-4097-9b53-0020ba3a069c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(5600)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2012-04-05  20:22:07
ComboFix-quarantined-files.txt  2012-04-05 18:22
.
Vor Suchlauf: 14 Verzeichnis(se), 283.774.533.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 283.538.419.712 Bytes frei
.
- - End Of File - - 4F03AB646296B9C887C12F037D199A2A
          | 
|  06.04.2012, 18:42 | #8 | 
| /// Malware-holic       |   TR/Crypt.ZPACK.Gen2 Please test whether all browsers run properly.  
				__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us | 
|  11.04.2012, 16:01 | #9 | 
|  |   TR/Crypt.ZPACK.Gen2 | 
|  12.04.2012, 14:52 | #10 | 
| /// Malware-holic       |   TR/Crypt.ZPACK.Gen2 Open Malwarebytes, go to the log files, and post all reports. | 
|  13.04.2012, 09:17 | #11 | 
|  |   TR/Crypt.ZPACK.Gen2 Code: 
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.04.03.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Joe :: JOE-PC [Administrator]
Schutz: Aktiviert
03.04.2012 14:26:18
mbam-log-2012-04-03 (14-26-18).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188645
Laufzeit: 6 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCR\AppID\activex.DLL (Adware.180Solutions) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
         Code: 
2012/04/03 14:26:08 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 14:26:09 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/03 14:26:10 +0200	JOE-PC	Joe	MESSAGE	Database already up-to-date
2012/04/03 14:26:11 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 14:26:14 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 14:26:15 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 16:38:58 +0200	JOE-PC	Joe	IP-BLOCK	85.183.254.9 (Type: outgoing, Port: 50923, Process: avnotify.exe)
2012/04/03 17:07:27 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 17:07:33 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 17:07:36 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 17:07:39 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 17:43:09 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 17:43:11 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 17:43:14 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 17:43:16 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 17:51:04 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 17:51:06 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 17:51:09 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 17:51:11 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 18:08:34 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 18:08:36 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 18:08:39 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 18:08:41 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/03 18:22:07 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/03 18:22:09 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/03 18:22:12 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/03 18:22:14 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
         Code: 
2012/04/04 12:21:30 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/04 12:21:31 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/04 12:21:32 +0200	JOE-PC	Joe	ERROR	Scheduled update failed:  No address found failed with error code 11004
2012/04/04 12:21:32 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/04 12:21:35 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/04 12:21:37 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/04 17:03:50 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/04 17:03:54 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/04 17:03:57 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/04 17:03:59 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/04 21:20:46 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 50428, Process: firefox.exe)
2012/04/04 21:22:15 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 50430, Process: firefox.exe)
2012/04/04 21:22:15 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 50431, Process: firefox.exe)
         Code: 
2012/04/05 08:59:36 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/05 08:59:38 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/05 08:59:39 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/05 08:59:42 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/05 08:59:43 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/05 08:59:57 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.03.06 to version v2012.04.05.03
2012/04/05 08:59:57 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/05 08:59:57 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/05 08:59:58 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/05 09:00:00 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/05 09:00:00 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/05 09:00:01 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/05 19:57:03 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/05 19:57:05 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/05 19:57:08 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/05 19:57:10 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/05 19:58:15 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/05 19:58:16 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/05 20:28:13 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/05 20:28:16 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/05 20:28:19 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/05 20:28:21 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
         Code: 
2012/04/06 04:31:49 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/06 04:31:51 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/06 04:31:52 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/06 04:31:55 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/06 04:31:57 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/06 04:32:03 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/06 04:32:03 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.05.03 to version v2012.04.06.01
2012/04/06 04:32:03 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/06 04:32:05 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/06 04:32:07 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/06 04:32:07 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/06 04:32:09 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/06 12:57:47 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/06 12:57:49 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/06 12:57:52 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/06 12:57:54 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/06 18:19:48 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/06 18:19:50 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/06 18:19:53 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/06 18:19:54 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
         Code: 
2012/04/07 06:31:15 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/07 06:31:17 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/07 06:31:20 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/07 06:31:21 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/07 06:35:27 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/07 06:35:38 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.06.01 to version v2012.04.07.01
2012/04/07 06:35:38 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/07 06:35:38 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/07 06:35:40 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/07 06:35:42 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/07 06:35:42 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/07 06:35:43 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/07 12:44:38 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/07 12:44:40 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/07 12:44:43 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/07 12:44:44 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
         Code: 
2012/04/08 16:04:16 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/08 16:04:17 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/08 16:04:19 +0200	JOE-PC	Joe	ERROR	Scheduled update failed:  No address found failed with error code 11004
2012/04/08 16:04:19 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/08 16:04:22 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/08 16:04:23 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/08 21:54:18 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 51938, Process: firefox.exe)
2012/04/08 21:54:26 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 51957, Process: firefox.exe)
2012/04/08 21:54:26 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 51958, Process: firefox.exe)
2012/04/08 21:58:02 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 52049, Process: firefox.exe)
2012/04/08 21:58:02 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 52052, Process: firefox.exe)
2012/04/08 22:02:26 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 52158, Process: firefox.exe)
2012/04/08 22:02:26 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 52159, Process: firefox.exe)
2012/04/08 22:39:48 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 53048, Process: firefox.exe)
2012/04/08 22:39:48 +0200	JOE-PC	Joe	IP-BLOCK	85.159.232.34 (Type: outgoing, Port: 53049, Process: firefox.exe)
         Code: 
2012/04/09 10:41:43 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/09 10:41:45 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/09 10:41:48 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/09 10:41:49 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/09 10:53:15 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/09 10:53:35 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.07.01 to version v2012.04.09.02
2012/04/09 10:53:35 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/09 10:53:35 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/09 10:53:37 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/09 10:53:40 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/09 10:53:40 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/09 10:53:42 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/09 19:55:49 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/09 19:55:52 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/09 19:55:55 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/09 19:55:56 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/09 21:50:55 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 49580, Process: pmb.exe)
2012/04/09 22:34:15 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 52661, Process: pmb.exe)
2012/04/09 22:57:37 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 50327, Process: pmb.exe)
2012/04/09 23:33:47 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 60163, Process: pmb.exe)
         Code: 
2012/04/10 04:37:39 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/10 04:37:41 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/10 04:37:44 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/10 04:37:45 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/10 13:34:46 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/10 13:34:48 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/10 13:34:51 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/10 13:34:53 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/10 13:35:13 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/10 13:35:39 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/10 13:35:39 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.09.02 to version v2012.04.10.03
2012/04/10 13:35:39 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/10 13:35:41 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/10 13:35:44 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/10 13:35:44 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/10 13:35:45 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/10 18:23:37 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/10 18:23:39 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/10 18:23:43 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/10 18:23:44 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
         Code: 
2012/04/11 06:57:02 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/11 06:57:04 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/11 06:57:07 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/11 06:57:08 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/11 07:07:30 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/11 07:07:41 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.10.03 to version v2012.04.11.01
2012/04/11 07:07:41 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/11 07:07:41 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/11 07:07:42 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/11 07:07:44 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/11 07:07:44 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/11 07:07:45 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/11 12:34:44 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/11 12:34:46 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/11 12:34:49 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/11 12:34:51 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/11 12:38:00 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/11 12:38:03 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/11 12:38:06 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/11 12:38:10 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/11 17:03:33 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 53538, Process: pmb.exe)
2012/04/11 17:08:22 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 53614, Process: pmb.exe)
2012/04/11 17:25:18 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 65325, Process: pmb.exe)
2012/04/11 17:56:27 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 54621, Process: pmb.exe)
2012/04/11 18:42:48 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 53967, Process: pmb.exe)
2012/04/11 19:08:51 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 59699, Process: pmb.exe)
2012/04/11 19:27:57 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 49454, Process: pmb.exe)
2012/04/11 19:33:41 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 61074, Process: pmb.exe)
2012/04/11 19:49:51 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 53036, Process: firefox.exe)
2012/04/11 19:51:36 +0200	JOE-PC	Joe	IP-BLOCK	109.163.226.203 (Type: outgoing, Port: 53114, Process: firefox.exe)
2012/04/11 19:52:08 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 55996, Process: pmb.exe)
2012/04/11 19:53:21 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:21 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:21 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:29 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:37 +0200	JOE-PC	Joe	IP-BLOCK	59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 20:36:51 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 20:36:59 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:24:44 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:24:52 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:25:00 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:25:08 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:25 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:33 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:33 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:41 +0200	JOE-PC	Joe	IP-BLOCK	194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
         Code: 
2012/04/12 00:33:11 +0200	JOE-PC	Joe	IP-BLOCK	77.78.212.237 (Type: outgoing, Port: 63403, Process: pmb.exe)
2012/04/12 00:33:43 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 63419, Process: pmb.exe)
2012/04/12 00:55:23 +0200	JOE-PC	Joe	IP-BLOCK	83.128.94.245 (Type: outgoing, Port: 61494, Process: pmb.exe)
2012/04/12 11:53:25 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/12 11:53:27 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/12 11:53:30 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/12 11:53:31 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/12 12:05:30 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/12 12:05:44 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.04.08 to version v2012.04.12.02
2012/04/12 12:05:44 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/12 12:05:44 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/12 12:05:46 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/12 12:05:49 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/12 12:05:49 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/12 12:05:50 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/12 13:40:09 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 50494, Process: pmb.exe)
2012/04/12 13:45:38 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 50666, Process: pmb.exe)
2012/04/12 16:13:19 +0200	JOE-PC	Joe	IP-BLOCK	83.128.56.166 (Type: outgoing, Port: 51735, Process: pmb.exe)
2012/04/12 16:14:08 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 51811, Process: pmb.exe)
2012/04/12 16:23:06 +0200	JOE-PC	Joe	IP-BLOCK	83.128.56.166 (Type: outgoing, Port: 52165, Process: pmb.exe)
2012/04/12 16:23:38 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 52177, Process: pmb.exe)
2012/04/12 17:31:58 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 52723, Process: pmb.exe)
2012/04/12 17:45:03 +0200	JOE-PC	Joe	IP-BLOCK	83.128.61.123 (Type: outgoing, Port: 53018, Process: pmb.exe)
         Code: 
2012/04/13 10:07:20 +0200	JOE-PC	Joe	MESSAGE	Starting protection
2012/04/13 10:07:23 +0200	JOE-PC	Joe	MESSAGE	Protection started successfully
2012/04/13 10:07:24 +0200	JOE-PC	Joe	MESSAGE	Executing scheduled update:  Daily
2012/04/13 10:07:26 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/13 10:07:27 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
2012/04/13 10:07:42 +0200	JOE-PC	Joe	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.12.02 to version v2012.04.13.02
2012/04/13 10:07:42 +0200	JOE-PC	Joe	MESSAGE	Starting database refresh
2012/04/13 10:07:42 +0200	JOE-PC	Joe	MESSAGE	Stopping IP protection
2012/04/13 10:07:43 +0200	JOE-PC	Joe	MESSAGE	IP Protection stopped
2012/04/13 10:07:46 +0200	JOE-PC	Joe	MESSAGE	Database refreshed successfully
2012/04/13 10:07:46 +0200	JOE-PC	Joe	MESSAGE	Starting IP protection
2012/04/13 10:07:47 +0200	JOE-PC	Joe	MESSAGE	IP Protection started successfully
          | 
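An added example, not part of the original thread: one way to summarise a protection log in the tab-separated format posted above, counting blocked outbound connections per process and destination IP. The function names are illustrative assumptions; the sample lines are copied from the log above, except for one constructed truncated line.

```python
import re
from collections import defaultdict

# Lines copied from the protection log above; the last one is a constructed,
# truncated entry to exercise the malformed-line path.
SAMPLE_LOG = "\n".join([
    "2012/04/11 21:41:41 +0200\tJOE-PC\tJoe\tIP-BLOCK\t194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)",
    "2012/04/12 00:33:11 +0200\tJOE-PC\tJoe\tIP-BLOCK\t77.78.212.237 (Type: outgoing, Port: 63403, Process: pmb.exe)",
    "2012/04/12 00:33:43 +0200\tJOE-PC\tJoe\tIP-BLOCK\t83.128.94.245 (Type: outgoing, Port: 63419, Process: pmb.exe)",
    "2012/04/12 00:55:23 +0200\tJOE-PC\tJoe\tIP-BLOCK\t83.128.94.245 (Type: outgoing, Port: 61494, Process: pmb.exe)",
    "2012/04/12 11:53:25 +0200\tJOE-PC\tJoe\tMESSAGE\tStarting protection",
    "2012/04/12 16:13:19 +0200\tJOE-PC\tJoe\tIP-BLOCK",
])

# Message layout of an IP-BLOCK entry: "<ip> (Type: <dir>, Port: <n>, Process: <exe>)"
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$")

def parse_line(line):
    """Split one tab-separated log line; return None if it is malformed."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 5:
        return None
    rec = dict(zip(("time", "host", "user", "type", "message"), parts))
    if rec["type"] == "IP-BLOCK":
        m = BLOCK_RE.match(rec["message"])
        if m is None:
            return None
        rec.update(m.groupdict(), port=int(m.group("port")))
    return rec

def summarize_blocks(log_text):
    """Count IP-BLOCK events per process and per destination IP."""
    per_process = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # keep a count so truncated logs are noticed
        elif rec["type"] == "IP-BLOCK":
            per_process[rec["process"].lower()][rec["ip"]] += 1
    report = {p: {"count": sum(ips.values()), "ips": dict(ips)}
              for p, ips in per_process.items()}
    return report, skipped

if __name__ == "__main__":
    print(summarize_blocks(SAMPLE_LOG))
```

A process that is blocked repeatedly against the same destination stands out in the per-IP counts, which helps decide which installed programs to review first.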
|  24.05.2012, 09:44 | #12 | 
|  |   TR/Crypt.ZPACK.Gen2 No, but I assumed there were still further steps to take, or was that it?    | 
|  13.04.2012, 10:40 | #13 | 
| /// Malware-holic       |   TR/Crypt.ZPACK.Gen2 Download CCleaner, standard: CCleaner Download - CCleaner 3.17.1689. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file. After each program you need, write "necessary". After each program you do not need, write "unnecessary". After each one you do not know, write "unknown". Post the list. 
				__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us | 
|  19.04.2012, 22:22 | #14 | 
|  |   TR/Crypt.ZPACK.Gen2 Code: 
7-Zip 9.20 03.04.2012 3,54MB
Adobe AIR Adobe Systems Inc. 20.02.2010 30,7MB 1.5.3.9130 needed
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.04.2012 11.2.202.233 needed
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.04.2012 11.2.202.233 needed
Adobe Photoshop Elements 5.0 Adobe Systems, Inc. 11.02.2009 291MB 5.0 needed
Adobe Reader 9.5.1 - Deutsch Adobe Systems Incorporated 18.04.2012 118,3MB 9.5.1 needed
Age of Empires Online Microsoft 29.03.2012 4.143MB needed
AliceHilfe 18.11.2010 1.0.0.1 unnecessary
Apple Application Support Apple Inc. 06.01.2012 61,1MB 2.1.6 unknown
Apple Mobile Device Support Apple Inc. 25.06.2011 22,1MB 3.4.1.2 unknown
Apple Software Update Apple Inc. 25.06.2011 2,25MB 2.1.3.127 unknown
Avira Free Antivirus Avira 14.02.2012 77,5MB 12.0.0.898 needed
AVM FRITZ!WLAN AVM Berlin 04.06.2010 needed
Bonjour Apple Inc. 04.08.2011 0,73MB 3.0.0.2 unknown
Canon MP Navigator EX 1.0 05.12.2008 66,0MB needed
Canon MP610 series 05.12.2008 needed
Canon MP610 series Benutzerregistrierung 05.12.2008 0,52MB needed
Canon My Printer 05.12.2008 2,14MB needed
Canon Utilities Easy-PhotoPrint EX 05.12.2008 209MB needed
Canon Utilities Solution Menu 05.12.2008 1,59MB needed
CCleaner Piriform 12.04.2012 4,46MB 3.17 needed
CD-LabelPrint 05.12.2008 11,7MB unknown
DAoC Portal DAoC Portal 01.12.2011 0,87MB 2.1.0 needed
Dark Age of Camelot Electronic Arts 01.12.2011 5.545MB needed
DivX-Setup DivX, LLC 27.02.2012 3,53MB 2.6.1.8 needed
Downloader 12.11.2010 5,61MB needed
Fraps 05.02.2012 32,6MB needed
Google Chrome Google Inc. 05.02.2011 163,6MB 18.0.1025.162 unnecessary
Google Earth Plug-in Google 11.11.2011 40,9MB 6.1.0.5001 unknown
iTunes Apple Inc. 04.08.2011 141,9MB 10.4.0.80 needed
Java(TM) 6 Update 31 Oracle 31.03.2012 95,1MB 6.0.310 needed
Java(TM) 6 Update 7 Sun Microsystems, Inc. 05.12.2008 138,0MB 1.6.0.70 needed
League of Legends Riot Games 26.08.2011 2.521MB 1.02.0000 needed
League of Legends Riot Games 08.04.2012 2.051MB 1.3 needed
Logitech GamePanel Software 3.06.109 Logitech Inc. 10.10.2010 17,0MB 3.06.109 needed
Logitech SetPoint Logitech 22.11.2008 17,6MB 4.60 needed
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 10.04.2012 11,5MB 1.61.0.1400 needed
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 18.08.2009 37,0MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.11.2011 27,8MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 unknown
Microsoft .NET Framework 4 Extended Microsoft Corporation 22.12.2010 46,0MB 4.0.30319 unknown
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 29.03.2012 31,3MB 3.5.92.0 unknown
Microsoft Games for Windows Marketplace Microsoft Corporation 29.03.2012 6,04MB 3.5.50.0 unknown
Microsoft Silverlight Microsoft Corporation 16.02.2012 14,9MB 4.1.10111.0 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.10.2009 0,25MB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.61001 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 24.10.2009 0,19MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 23.04.2011 0,58MB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 01.04.2010 1,41MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 12.11.2010 0,22MB 9.0.21022.218 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 04.06.2010 0,58MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.09.2009 0,58MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,58MB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 28.10.2011 16,5MB 10.0.40219 unknown
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 23.02.2012 8,03MB 4.0.20823.0 unknown
MobileMe Control Panel Apple Inc. 08.05.2011 11,3MB 3.1.6.0 unknown
Mozilla Firefox 11.0 (x86 de) Mozilla 17.03.2012 36,4MB 11.0 needed
NVIDIA 3D Vision Treiber 266.58 NVIDIA Corporation 06.02.2011 21,1MB 266.58 needed
NVIDIA Grafiktreiber 266.58 NVIDIA Corporation 06.02.2011 90,1MB 266.58 needed
NVIDIA HD-Audiotreiber 1.1.13.1 NVIDIA Corporation 06.02.2011 3,20MB 1.1.13.1 needed
NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 06.02.2011 73,3MB 9.10.0514 needed
OpenOffice.org 3.0 OpenOffice.org 02.03.2009 348MB 3.0.9379 needed
Opera 11.11 Opera Software ASA 19.05.2011 34,2MB 11.11.2109 unnecessary
Pando Media Booster Pando Networks Inc. 08.04.2012 7,18MB 2.6.0.7 unknown
QuickTime Apple Inc. 25.01.2012 73,3MB 7.71.80.42 unknown
Skype Toolbars Skype Technologies S.A. 23.07.2010 5,25MB 1.0.4051 needed
Skype™ 4.2 Skype Technologies S.A. 23.07.2010 31,8MB 4.2.169 needed
SopCast 3.2.4 SopCast.com 07.11.2009 11,2MB 3.2.4 needed
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 06.12.2009 29,7MB 9.0.0 unknown
Spybot - Search & Destroy Safer Networking Limited 15.09.2010 62,0MB 1.6.2 needed
Spyware Doctor 7.0 PC Tools 03.12.2009 75,3MB 7.0 needed
Steam Valve Corporation 15.06.2011 35,5MB 1.0.0.0
System Requirements Lab 06.08.2009 0,38MB unknown
TeamSpeak 3 Client TeamSpeak Systems GmbH 15.09.2010 30,6MB needed
TERA Frogster Online Gaming GmbH 18.04.2012 1.855MB 16.04 needed
Ubisoft Game Launcher UBISOFT 01.04.2010 22,2MB 1.0.0.0 needed
Unity Web Player Unity Technologies ApS 25.11.2011 0,20MB unknown
Veetle TV Veetle, Inc 12.08.2011 9,89MB 0.9.18 unnecessary
Ventrilo Client Flagship Industries, Inc. 21.10.2010 4,43MB 3.0.5 needed
Vista Codec Package Shark007 06.06.2009 46,4MB 5.2.9 unknown
VoiceOver Kit Apple Inc. 07.02.2011 41,8MB 1.40.128.0 unknown
Windows Live ID Sign-in Assistant Microsoft Corporation 29.03.2012 4,69MB 6.500.3165.0 unknown
Windows Media Player Firefox Plugin Microsoft Corp 06.06.2009 0,29MB 1.0.0.8 needed
WinRAR 28.07.2009 3,73MB needed
ZoneAlarm Free Check Point 21.11.2011 24,8MB 10.1.065.000 needed
ZoneAlarm-Sicherheit Toolbar ZoneAlarm-Sicherheit 21.11.2011 4,79MB needed
 | 
|  20.04.2012, 09:05 | #15 | 
| /// Malware-holic       |   TR/Crypt.ZPACK.Gen2 Uninstall: Adobe Flash Player, all of them. Adobe - Install Adobe Flash Player: download the latest version. Adobe Reader: Adobe - Download Adobe Reader - All versions; uncheck the box for McAfee Security Scan. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: check "use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC. Under JavaScript, uncheck the option to use JavaScript. Under Updater, choose to install automatically. Apply / OK. Uninstall: AliceHilfe, CD-LabelPrint, Google: both, Java(TM) 6 Update 7, Microsoft Games: both, Microsoft Silverlight, Opera, Skype Toolbars. Free internet calls with Skype. Call phones online cheaply: install Skype 5. Uninstall: Spelling Dictionaries; Spybot: better to use Malwarebytes from time to time, after updating it; Spyware Doctor; Unity; Veetle; Vista Codec; Windows Live; ZoneAlarm: can go as well, desktop firewalls are unreliable and 99 % useless anyway. Open OTL, clean up, the PC restarts. Open CCleaner, Analyze, Run Cleaner, restart the PC, and test how the system runs. | 
|  | 