Trojaner-Board


Jouhan 03.04.2012 17:36

TR/Crypt.ZPACK.Gen2
 
Hello,

I have the following problem on my computer. After every restart, Avira reports the following detection in the file C:\Windows\System32\jpgvnfv5.dll:

TR/Crypt.ZPACK.Gen2


The DDS scan produced the following:

DDS.txt

Code:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190  BrowserJavaVersion: 1.6.0_31
Run by Joe at 17:32:43 on 2012-04-03
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1633 [GMT 2:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fraps\fraps.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = about:blank
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
uWindow Title = Microsoft Internet Explorer
mStart Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = fritz.box;local;*.local
uURLSearchHooks: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
mURLSearchHooks: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
TB: ZoneAlarm-Sicherheit Toolbar: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - c:\program files\zonealarm-sicherheit\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [AVMWlanClient] c:\program files\avmwlanstick\wlangui.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} - hxxp://www.n2030.com/atlas_activex.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1D42570E-8085-4D83-A283-A99C07E67A2D} : DhcpNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u6t2bqpz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\downloader\npdd.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\joe\appdata\local\octoshape\octoshape streaming services\octoprogram-l03-nms0810164_sua_900\npoctoshape.dll
FF - plugin: c:\users\joe\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-10-23 40840]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-25 207280]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-27 36000]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-10-23 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-10-23 81288]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-27 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-27 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-25 74640]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-24 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-3 652360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-16 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-10-23 358600]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-10-23 1141200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [2009-2-4 419328]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-3 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-6 122984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-6 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-6-5 4352]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-6 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2012-04-03 12:25:05        --------        d-----w-        c:\users\joe\appdata\roaming\Malwarebytes
2012-04-03 12:24:30        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-03 12:24:29        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-03 12:24:29        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-04-03 12:22:46        6582328        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{db5733e7-224a-4a95-b844-2ec494534e7d}\mpengine.dll
2012-04-01 18:06:05        --------        d-----w-        c:\users\joe\appdata\roaming\.minecraft
2012-04-01 08:12:15        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-03-30 20:57:56        --------        d-----w-        c:\windows\system32\xlive
2012-03-30 20:57:35        --------        d-----w-        c:\program files\Microsoft Games for Windows - LIVE
2012-03-24 08:19:08        463872        ----a-w-        c:\windows\system32\ntqe0mnu.sys
2012-03-18 08:46:07        592824        ----a-w-        c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 08:46:07        44472        ----a-w-        c:\program files\mozilla firefox\mozglue.dll
2012-03-14 17:09:55        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 17:09:53        683008        ----a-w-        c:\windows\system32\d2d1.dll
2012-03-14 17:09:53        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-03-14 17:09:53        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-03-14 17:09:53        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-03-14 17:09:53        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 17:09:51        2409784        ----a-w-        c:\program files\windows mail\OESpamFilter.dat
2012-03-14 11:30:38        613376        ----a-w-        c:\windows\system32\rdpencom.dll
2012-03-14 11:30:38        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M  ====================
.
2012-04-01 18:12:57        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-01 09:04:07        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-23 08:11:00        221184        ----a-w-        c:\windows\system32\aptws6t6e.dll
2012-02-23 08:18:36        237072        ------w-        c:\windows\system32\MpSigStub.exe
.


Attach.txt

Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22.10.2008 23:24:25
System Uptime: 03.04.2012 17:06:00 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5B
Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 263,842 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP854: 09.03.2012 15:54:14 - Windows Update
RP855: 13.03.2012 13:43:27 - Windows Update
RP856: 15.03.2012 08:54:32 - Windows Update
RP857: 16.03.2012 11:42:38 - Windows Update
RP858: 19.03.2012 03:10:12 - Geplanter Prüfpunkt
RP859: 20.03.2012 08:21:41 - Windows Update
RP860: 23.03.2012 09:12:10 - Windows Update
RP861: 27.03.2012 15:08:18 - Windows Update
RP862: 30.03.2012 12:51:00 - Geplanter Prüfpunkt
RP863: 30.03.2012 13:30:27 - Windows Update
RP864: 30.03.2012 22:52:09 - DirectX wurde installiert
RP865: 30.03.2012 22:57:58 - DirectX wurde installiert
RP866: 01.04.2012 20:09:41 - Removed Java(TM) 6 Update 31
RP867: 01.04.2012 20:12:36 - Installed Java(TM) 6 Update 31
RP868: 03.04.2012 14:21:44 - Windows Update
RP869: 03.04.2012 17:01:33 - Removed UltraEdit 15.10
RP870: 03.04.2012 17:02:54 - Removed UltraCompare v6.30
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.5.0 - Deutsch
Age of Empires Online
AliceHilfe
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
AVM FRITZ!WLAN
Bonjour
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series Benutzerregistrierung
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
CDDRV_Installer
DAoC Portal
Dark Age of Camelot
DivX-Setup
Downloader
Fraps
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
KhalInstallWrapper
League of Legends
Logitech GamePanel Software 3.06.109
Logitech SetPoint
Malwarebytes Anti-Malware Version 1.60.1.1000
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 de)
NVIDIA 3D Vision Treiber 266.58
NVIDIA Grafiktreiber 266.58
NVIDIA HD-Audiotreiber 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 266.58
OpenOffice.org 3.0
Opera 11.11
Pando Media Booster
PVSonyDll
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Toolbars
Skype™ 4.2
SopCast 3.2.4
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Doctor 7.0
Steam
System Requirements Lab
TeamSpeak 3 Client
Terraria
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Veetle TV
Ventrilo Client
Vista Codec Package
VoiceOver Kit
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Mobile-Gerätecenter
Windows Mobile-Ressourcen
Windows Mobile Device Center Driver Update
WinRAR
ZoneAlarm-Sicherheit Toolbar
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== End Of File ===========================

A Gmer scan has not been possible so far because the program keeps crashing.

markusg 04.04.2012 09:53

hi,
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

Jouhan 04.04.2012 12:15

Both files are attached

markusg 04.04.2012 15:49

hi

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



[CODE]
:OTL
SRV - [2012.03.23 10:11:00 | 000,221,184 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\System32\aptws6t6e.dll -- (LanmanWorkstation)
[2012.03.24 10:19:08 | 000,463,872 | ---- | C] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqe0mnu.sys
:Files
C:\Windows\System32\aptws6t6e.dll
C:\Windows\System32\jpgvnfv5.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents here into your next reply.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

Jouhan 04.04.2012 16:07

Document:

Code:

All processes killed
Error: Unable to interpret <[CODE]> in the current context!
========== OTL ==========
Error: Unable to stop service LanmanWorkstation!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully.
C:\Windows\System32\aptws6t6e.dll moved successfully.
C:\Windows\System32\ntqe0mnu.sys moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\aptws6t6e.dll not found.
File\Folder C:\Windows\System32\jpgvnfv5.dll not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 41620 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Joe
->Flash cache emptied: 3128401 bytes
 
User: Public
 
Total Flash Files Cleaned = 3,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Joe
->Temp folder emptied: 1982379 bytes
->Temporary Internet Files folder emptied: 1957015 bytes
->Java cache emptied: 22856305 bytes
->FireFox cache emptied: 1149701681 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 97112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 1412956 bytes
RecycleBin emptied: 328656 bytes
 
Total Files Cleaned = 1.124,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 04042012_165646

Files\Folders moved on Reboot...
C:\Users\Joe\AppData\Local\Temp\~DF5BE0.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT06a9e.TMP not found!

Registry entries deleted on Reboot...


Upload of the ZIP was successful

markusg 04.04.2012 16:34

thanks
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Jouhan 05.04.2012 19:29

Result:

Code:

ComboFix 12-04-04.02 - Joe 05.04.2012  20:04:16.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1786 [GMT 2:00]
ausgeführt von:: c:\users\Joe\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-05 bis 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 18:17 . 2012-04-05 18:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-04 14:56 . 2012-04-04 15:09        --------        d-----w-        C:\_OTL
2012-04-04 11:13 . 2012-04-04 11:13        --------        d-----w-        c:\program files\7-Zip
2012-04-03 12:25 . 2012-04-03 12:25        --------        d-----w-        c:\users\Joe\AppData\Roaming\Malwarebytes
2012-04-03 12:24 . 2012-04-03 12:24        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-03 12:24 . 2012-04-03 12:24        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-04-03 12:24 . 2011-12-10 13:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-03 12:22 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB5733E7-224A-4A95-B844-2EC494534E7D}\mpengine.dll
2012-04-01 18:06 . 2012-04-01 18:33        --------        d-----w-        c:\users\Joe\AppData\Roaming\.minecraft
2012-04-01 08:12 . 2012-04-01 09:04        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-03-30 20:57 . 2012-03-30 20:57        --------        d-----w-        c:\windows\system32\xlive
2012-03-30 20:57 . 2012-03-30 20:57        --------        d-----w-        c:\program files\Microsoft Games for Windows - LIVE
2012-03-18 08:46 . 2012-03-18 08:46        592824        ----a-w-        c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 08:46 . 2012-03-18 08:46        44472        ----a-w-        c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 17:09 . 2012-02-02 15:16        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 17:09 . 2012-02-14 15:45        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-03-14 17:09 . 2012-02-14 15:45        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-03-14 17:09 . 2012-02-13 14:12        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-03-14 17:09 . 2012-02-13 13:47        683008        ----a-w-        c:\windows\system32\d2d1.dll
2012-03-14 17:09 . 2012-02-13 13:44        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 17:09 . 2012-01-31 10:59        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 11:30 . 2012-01-09 15:54        613376        ----a-w-        c:\windows\system32\rdpencom.dll
2012-03-14 11:30 . 2012-01-09 13:58        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 18:12 . 2010-05-03 03:53        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-01 09:04 . 2011-06-13 18:58        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-30 21:32 . 2009-08-18 09:30        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-03-30 21:32 . 2009-08-18 09:24        19352        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2009-10-02 23:36        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 12:04 . 2011-10-27 13:18        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-18 08:46 . 2011-05-03 12:32        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49        176936        ----a-w-        c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2008-09-05 1794048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-23 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:04]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 21:33]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = fritz.box;local;*.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} - hxxp://www.n2030.com/atlas_activex.dll
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\u6t2bqpz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
------- Dateityp-Verknüpfung -------
.
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-05 20:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\Joe\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1769992358-4173282101-2793672938-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,1e,1a,99,eb,7c,53,73,cb,3b,b7,62,6f,c3,0b,fb,79,48,d3,3f,de,
  02,3b,a2,e9,ed,fe,46,49,52,82,19,40,9b,ac,5c,32,62,52,b0,0b,cc,3e,b3,9a,91,\
"rkeysecu"=hex:ce,68,c6,9b,01,0e,5d,78,c2,08,f6,59,5a,ce,37,1b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0aece2c2-be98-4b72-9e75-6830eb9a51e3}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11020054
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{34407e69-1570-4998-8bd0-4bc9d653ce4e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001d60
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5fca2b8b-e872-4c27-b048-356d06ad3c2f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f00184d
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7ae3005f-0163-4097-9b53-0020ba3a069c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(5600)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2012-04-05  20:22:07
ComboFix-quarantined-files.txt  2012-04-05 18:22
.
Vor Suchlauf: 14 Verzeichnis(se), 283.774.533.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 283.538.419.712 Bytes frei
.
- - End Of File - - 4F03AB646296B9C887C12F037D199A2A


markusg 06.04.2012 18:42

Please test whether all browsers run properly.

Jouhan 11.04.2012 16:01

Quote:

Quote from markusg (post 810279)
Please test whether all browsers run properly.

Everything works. :)

markusg 12.04.2012 14:52

Open Malwarebytes, go to the log files, and post all reports.

Jouhan 13.04.2012 09:17

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.03.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Joe :: JOE-PC [Administrator]

Schutz: Aktiviert

03.04.2012 14:26:18
mbam-log-2012-04-03 (14-26-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188645
Laufzeit: 6 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\AppID\activex.DLL (Adware.180Solutions) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

2012/04/03 14:26:08 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/03 14:26:09 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/03 14:26:10 +0200        JOE-PC        Joe        MESSAGE        Database already up-to-date
2012/04/03 14:26:11 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/03 14:26:14 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/03 14:26:15 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/03 16:38:58 +0200        JOE-PC        Joe        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50923, Process: avnotify.exe)
2012/04/03 17:07:27 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/03 17:07:33 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/03 17:07:36 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/03 17:07:39 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/03 17:43:09 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/03 17:43:11 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/03 17:43:14 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/03 17:43:16 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/03 17:51:04 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/03 17:51:06 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/03 17:51:09 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/03 17:51:11 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/03 18:08:34 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/03 18:08:36 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/03 18:08:39 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/03 18:08:41 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/03 18:22:07 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/03 18:22:09 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/03 18:22:12 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/03 18:22:14 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully

Code:

2012/04/04 12:21:30 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/04 12:21:31 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/04 12:21:32 +0200        JOE-PC        Joe        ERROR        Scheduled update failed:  No address found failed with error code 11004
2012/04/04 12:21:32 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/04 12:21:35 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/04 12:21:37 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/04 17:03:50 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/04 17:03:54 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/04 17:03:57 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/04 17:03:59 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/04 21:20:46 +0200        JOE-PC        Joe        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 50428, Process: firefox.exe)
2012/04/04 21:22:15 +0200        JOE-PC        Joe        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 50430, Process: firefox.exe)
2012/04/04 21:22:15 +0200        JOE-PC        Joe        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 50431, Process: firefox.exe)

Code:

2012/04/05 08:59:36 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/05 08:59:38 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/05 08:59:39 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/05 08:59:42 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/05 08:59:43 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/05 08:59:57 +0200        JOE-PC        Joe        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.03.06 to version v2012.04.05.03
2012/04/05 08:59:57 +0200        JOE-PC        Joe        MESSAGE        Starting database refresh
2012/04/05 08:59:57 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/05 08:59:58 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/05 09:00:00 +0200        JOE-PC        Joe        MESSAGE        Database refreshed successfully
2012/04/05 09:00:00 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/05 09:00:01 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/05 19:57:03 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/05 19:57:05 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/05 19:57:08 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/05 19:57:10 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/05 19:58:15 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/05 19:58:16 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/05 20:28:13 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/05 20:28:16 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/05 20:28:19 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/05 20:28:21 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully

Code:

2012/04/06 04:31:49 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/06 04:31:51 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/06 04:31:52 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/06 04:31:55 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/06 04:31:57 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/06 04:32:03 +0200        JOE-PC        Joe        MESSAGE        Starting database refresh
2012/04/06 04:32:03 +0200        JOE-PC        Joe        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.05.03 to version v2012.04.06.01
2012/04/06 04:32:03 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/06 04:32:05 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/06 04:32:07 +0200        JOE-PC        Joe        MESSAGE        Database refreshed successfully
2012/04/06 04:32:07 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/06 04:32:09 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/06 12:57:47 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/06 12:57:49 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/06 12:57:52 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/06 12:57:54 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/06 18:19:48 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/06 18:19:50 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/06 18:19:53 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/06 18:19:54 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully

Code:

2012/04/07 06:31:15 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/07 06:31:17 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/07 06:31:20 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/07 06:31:21 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/07 06:35:27 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/07 06:35:38 +0200        JOE-PC        Joe        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.06.01 to version v2012.04.07.01
2012/04/07 06:35:38 +0200        JOE-PC        Joe        MESSAGE        Starting database refresh
2012/04/07 06:35:38 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/07 06:35:40 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/07 06:35:42 +0200        JOE-PC        Joe        MESSAGE        Database refreshed successfully
2012/04/07 06:35:42 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/07 06:35:43 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/07 12:44:38 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/07 12:44:40 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/07 12:44:43 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/07 12:44:44 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully

Code:

2012/04/08 16:04:16 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/08 16:04:17 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/08 16:04:19 +0200        JOE-PC        Joe        ERROR        Scheduled update failed:  No address found failed with error code 11004
2012/04/08 16:04:19 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/08 16:04:22 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/08 16:04:23 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/08 21:54:18 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 51938, Process: firefox.exe)
2012/04/08 21:54:26 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 51957, Process: firefox.exe)
2012/04/08 21:54:26 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 51958, Process: firefox.exe)
2012/04/08 21:58:02 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 52049, Process: firefox.exe)
2012/04/08 21:58:02 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 52052, Process: firefox.exe)
2012/04/08 22:02:26 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 52158, Process: firefox.exe)
2012/04/08 22:02:26 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 52159, Process: firefox.exe)
2012/04/08 22:39:48 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 53048, Process: firefox.exe)
2012/04/08 22:39:48 +0200        JOE-PC        Joe        IP-BLOCK        85.159.232.34 (Type: outgoing, Port: 53049, Process: firefox.exe)

Code:

2012/04/09 10:41:43 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/09 10:41:45 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/09 10:41:48 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/09 10:41:49 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/09 10:53:15 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/09 10:53:35 +0200        JOE-PC        Joe        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.07.01 to version v2012.04.09.02
2012/04/09 10:53:35 +0200        JOE-PC        Joe        MESSAGE        Starting database refresh
2012/04/09 10:53:35 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/09 10:53:37 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/09 10:53:40 +0200        JOE-PC        Joe        MESSAGE        Database refreshed successfully
2012/04/09 10:53:40 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/09 10:53:42 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/09 19:55:49 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/09 19:55:52 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/09 19:55:55 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/09 19:55:56 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/09 21:50:55 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 49580, Process: pmb.exe)
2012/04/09 22:34:15 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 52661, Process: pmb.exe)
2012/04/09 22:57:37 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 50327, Process: pmb.exe)
2012/04/09 23:33:47 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 60163, Process: pmb.exe)

Code:

2012/04/10 04:37:39 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/10 04:37:41 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/10 04:37:44 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/10 04:37:45 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/10 13:34:46 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/10 13:34:48 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/10 13:34:51 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/10 13:34:53 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/10 13:35:13 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/10 13:35:39 +0200        JOE-PC        Joe        MESSAGE        Starting database refresh
2012/04/10 13:35:39 +0200        JOE-PC        Joe        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.09.02 to version v2012.04.10.03
2012/04/10 13:35:39 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/10 13:35:41 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/10 13:35:44 +0200        JOE-PC        Joe        MESSAGE        Database refreshed successfully
2012/04/10 13:35:44 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/10 13:35:45 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/10 18:23:37 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/10 18:23:39 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/10 18:23:43 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/10 18:23:44 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully

Code:

2012/04/11 06:57:02 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/11 06:57:04 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/11 06:57:07 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/11 06:57:08 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/11 07:07:30 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/11 07:07:41 +0200        JOE-PC        Joe        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.10.03 to version v2012.04.11.01
2012/04/11 07:07:41 +0200        JOE-PC        Joe        MESSAGE        Starting database refresh
2012/04/11 07:07:41 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/11 07:07:42 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/11 07:07:44 +0200        JOE-PC        Joe        MESSAGE        Database refreshed successfully
2012/04/11 07:07:44 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/11 07:07:45 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/11 12:34:44 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/11 12:34:46 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/11 12:34:49 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/11 12:34:51 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/11 12:38:00 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/11 12:38:03 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/11 12:38:06 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/11 12:38:10 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/11 17:03:33 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 53538, Process: pmb.exe)
2012/04/11 17:08:22 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 53614, Process: pmb.exe)
2012/04/11 17:25:18 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 65325, Process: pmb.exe)
2012/04/11 17:56:27 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 54621, Process: pmb.exe)
2012/04/11 18:42:48 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 53967, Process: pmb.exe)
2012/04/11 19:08:51 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 59699, Process: pmb.exe)
2012/04/11 19:27:57 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 49454, Process: pmb.exe)
2012/04/11 19:33:41 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 61074, Process: pmb.exe)
2012/04/11 19:49:51 +0200        JOE-PC        Joe        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 53036, Process: firefox.exe)
2012/04/11 19:51:36 +0200        JOE-PC        Joe        IP-BLOCK        109.163.226.203 (Type: outgoing, Port: 53114, Process: firefox.exe)
2012/04/11 19:52:08 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 55996, Process: pmb.exe)
2012/04/11 19:53:21 +0200        JOE-PC        Joe        IP-BLOCK        59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:21 +0200        JOE-PC        Joe        IP-BLOCK        59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:21 +0200        JOE-PC        Joe        IP-BLOCK        59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:29 +0200        JOE-PC        Joe        IP-BLOCK        59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 19:53:37 +0200        JOE-PC        Joe        IP-BLOCK        59.34.57.134 (Type: outgoing, Port: 20730, Process: sopcast.exe)
2012/04/11 20:36:51 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 20:36:59 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:24:44 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:24:52 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:25:00 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:25:08 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:25 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:33 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:33 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)
2012/04/11 21:41:41 +0200        JOE-PC        Joe        IP-BLOCK        194.165.0.6 (Type: outgoing, Port: 9487, Process: sopcast.exe)

Code:

2012/04/12 00:33:11 +0200        JOE-PC        Joe        IP-BLOCK        77.78.212.237 (Type: outgoing, Port: 63403, Process: pmb.exe)
2012/04/12 00:33:43 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 63419, Process: pmb.exe)
2012/04/12 00:55:23 +0200        JOE-PC        Joe        IP-BLOCK        83.128.94.245 (Type: outgoing, Port: 61494, Process: pmb.exe)
2012/04/12 11:53:25 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/12 11:53:27 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/12 11:53:30 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/12 11:53:31 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/12 12:05:30 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/12 12:05:44 +0200        JOE-PC        Joe        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.04.08 to version v2012.04.12.02
2012/04/12 12:05:44 +0200        JOE-PC        Joe        MESSAGE        Starting database refresh
2012/04/12 12:05:44 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/12 12:05:46 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/12 12:05:49 +0200        JOE-PC        Joe        MESSAGE        Database refreshed successfully
2012/04/12 12:05:49 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/12 12:05:50 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/12 13:40:09 +0200        JOE-PC        Joe        IP-BLOCK        83.128.61.123 (Type: outgoing, Port: 50494, Process: pmb.exe)
2012/04/12 13:45:38 +0200        JOE-PC        Joe        IP-BLOCK        83.128.61.123 (Type: outgoing, Port: 50666, Process: pmb.exe)
2012/04/12 16:13:19 +0200        JOE-PC        Joe        IP-BLOCK        83.128.56.166 (Type: outgoing, Port: 51735, Process: pmb.exe)
2012/04/12 16:14:08 +0200        JOE-PC        Joe        IP-BLOCK        83.128.61.123 (Type: outgoing, Port: 51811, Process: pmb.exe)
2012/04/12 16:23:06 +0200        JOE-PC        Joe        IP-BLOCK        83.128.56.166 (Type: outgoing, Port: 52165, Process: pmb.exe)
2012/04/12 16:23:38 +0200        JOE-PC        Joe        IP-BLOCK        83.128.61.123 (Type: outgoing, Port: 52177, Process: pmb.exe)
2012/04/12 17:31:58 +0200        JOE-PC        Joe        IP-BLOCK        83.128.61.123 (Type: outgoing, Port: 52723, Process: pmb.exe)
2012/04/12 17:45:03 +0200        JOE-PC        Joe        IP-BLOCK        83.128.61.123 (Type: outgoing, Port: 53018, Process: pmb.exe)

Code:

2012/04/13 10:07:20 +0200        JOE-PC        Joe        MESSAGE        Starting protection
2012/04/13 10:07:23 +0200        JOE-PC        Joe        MESSAGE        Protection started successfully
2012/04/13 10:07:24 +0200        JOE-PC        Joe        MESSAGE        Executing scheduled update:  Daily
2012/04/13 10:07:26 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/13 10:07:27 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully
2012/04/13 10:07:42 +0200        JOE-PC        Joe        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.04.12.02 to version v2012.04.13.02
2012/04/13 10:07:42 +0200        JOE-PC        Joe        MESSAGE        Starting database refresh
2012/04/13 10:07:42 +0200        JOE-PC        Joe        MESSAGE        Stopping IP protection
2012/04/13 10:07:43 +0200        JOE-PC        Joe        MESSAGE        IP Protection stopped
2012/04/13 10:07:46 +0200        JOE-PC        Joe        MESSAGE        Database refreshed successfully
2012/04/13 10:07:46 +0200        JOE-PC        Joe        MESSAGE        Starting IP protection
2012/04/13 10:07:47 +0200        JOE-PC        Joe        MESSAGE        IP Protection started successfully


markusg 13.04.2012 10:40

Download CCleaner Standard:
CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save it as a txt file, and open that file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not know, write "unknown".
Post the list.

Jouhan 19.04.2012 22:22

Code:

7-Zip 9.20                03.04.2012        3,54MB
Adobe AIR        Adobe Systems Inc.        20.02.2010        30,7MB        1.5.3.9130                                needed
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        12.04.2012                11.2.202.233        needed
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        12.04.2012                11.2.202.233        needed
Adobe Photoshop Elements 5.0        Adobe Systems, Inc.        11.02.2009        291MB        5.0                        needed
Adobe Reader 9.5.1 - Deutsch        Adobe Systems Incorporated        18.04.2012        118,3MB        9.5.1                needed

Age of Empires Online        Microsoft        29.03.2012        4.143MB                                        needed
AliceHilfe                18.11.2010                1.0.0.1                                                        unnecessary
Apple Application Support        Apple Inc.        06.01.2012        61,1MB        2.1.6                                unknown
Apple Mobile Device Support        Apple Inc.        25.06.2011        22,1MB        3.4.1.2                                unknown
Apple Software Update        Apple Inc.        25.06.2011        2,25MB        2.1.3.127                                unknown

Avira Free Antivirus        Avira        14.02.2012        77,5MB        12.0.0.898                                        needed
AVM FRITZ!WLAN        AVM Berlin        04.06.2010                                                                needed
Bonjour        Apple Inc.        04.08.2011        0,73MB        3.0.0.2                                                        unknown
Canon MP Navigator EX 1.0                05.12.2008        66,0MB                                                needed
Canon MP610 series                05.12.2008                                                                needed

Canon MP610 series Benutzerregistrierung                05.12.2008        0,52MB                                needed
Canon My Printer                05.12.2008        2,14MB                                                        needed
Canon Utilities Easy-PhotoPrint EX                05.12.2008        209MB                                        needed
Canon Utilities Solution Menu                05.12.2008        1,59MB                                                needed
CCleaner        Piriform        12.04.2012        4,46MB        3.17                                                needed

CD-LabelPrint                05.12.2008        11,7MB                                                                unknown
DAoC Portal        DAoC Portal        01.12.2011        0,87MB        2.1.0                                                needed
Dark Age of Camelot        Electronic Arts        01.12.2011        5.545MB                                                needed
DivX-Setup        DivX, LLC        27.02.2012        3,53MB        2.6.1.8                                                needed
Downloader                12.11.2010        5,61MB                                                                needed

Fraps                05.02.2012        32,6MB                                                                        needed
Google Chrome        Google Inc.        05.02.2011        163,6MB        18.0.1025.162                                        unnecessary
Google Earth Plug-in        Google        11.11.2011        40,9MB        6.1.0.5001                                        unknown
iTunes        Apple Inc.        04.08.2011        141,9MB        10.4.0.80                                                needed
Java(TM) 6 Update 31        Oracle        31.03.2012        95,1MB        6.0.310                                                needed

Java(TM) 6 Update 7        Sun Microsystems, Inc.        05.12.2008        138,0MB        1.6.0.70                        needed
League of Legends        Riot Games        26.08.2011        2.521MB        1.02.0000                                needed
League of Legends        Riot Games        08.04.2012        2.051MB        1.3                                        needed
Logitech GamePanel Software 3.06.109        Logitech Inc.        10.10.2010        17,0MB        3.06.109                needed
Logitech SetPoint        Logitech        22.11.2008        17,6MB        4.60                                        needed

Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        10.04.2012        11,5MB        1.61.0.1400                        needed
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        18.08.2009        37,0MB                                        unknown
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        12.11.2011        27,8MB                                                        unknown
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.06.2010        120,3MB        4.0.30319                                unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.06.2010        24,5MB        4.0.30319                unknown

Microsoft .NET Framework 4 Extended        Microsoft Corporation        22.12.2010        46,0MB        4.0.30319                                        unknown
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        29.03.2012        31,3MB        3.5.92.0                        unknown
Microsoft Games for Windows Marketplace        Microsoft Corporation        29.03.2012        6,04MB        3.5.50.0                                        unknown
Microsoft Silverlight        Microsoft Corporation        16.02.2012        14,9MB        4.1.10111.0                                                        unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        24.10.2009        0,25MB        8.0.50727.4053        unknown
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0,29MB        8.0.61001                                unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        24.10.2009        0,19MB        9.0.30729.4148        unknown

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        23.04.2011        0,58MB        9.0.30729.5570        unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        01.04.2010        1,41MB        9.0.21022                        unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218        Microsoft Corporation        12.11.2010        0,22MB        9.0.21022.218                        unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        04.06.2010        0,58MB        9.0.30729                        unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        24.09.2009        0,58MB        9.0.30729                        unknown

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,58MB        9.0.30729.6161                        unknown
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        28.10.2011        16,5MB        10.0.40219                        unknown
Microsoft XNA Framework Redistributable 4.0        Microsoft Corporation        23.02.2012        8,03MB        4.0.20823.0                                        unknown
MobileMe Control Panel        Apple Inc.        08.05.2011        11,3MB        3.1.6.0                                                                                unknown

Mozilla Firefox 11.0 (x86 de)        Mozilla        17.03.2012        36,4MB        11.0                                        needed
NVIDIA 3D Vision Treiber 266.58        NVIDIA Corporation        06.02.2011        21,1MB        266.58                        needed
NVIDIA Grafiktreiber 266.58        NVIDIA Corporation        06.02.2011        90,1MB        266.58                        needed
NVIDIA HD-Audiotreiber 1.1.13.1        NVIDIA Corporation        06.02.2011        3,20MB        1.1.13.1                needed
NVIDIA PhysX-Systemsoftware 9.10.0514        NVIDIA Corporation        06.02.2011        73,3MB        9.10.0514        needed

OpenOffice.org 3.0        OpenOffice.org        02.03.2009        348MB        3.0.9379                                needed
Opera 11.11        Opera Software ASA        19.05.2011        34,2MB        11.11.2109                                unnecessary
Pando Media Booster        Pando Networks Inc.        08.04.2012        7,18MB        2.6.0.7                                unknown
QuickTime        Apple Inc.        25.01.2012        73,3MB        7.71.80.42                                        unknown
Skype Toolbars        Skype Technologies S.A.        23.07.2010        5,25MB        1.0.4051                                needed

Skype™ 4.2        Skype Technologies S.A.        23.07.2010        31,8MB        4.2.169                                        needed
SopCast 3.2.4        SopCast.com        07.11.2009        11,2MB        3.2.4                                                needed

Spelling Dictionaries Support For Adobe Reader 9        Adobe Systems Incorporated        06.12.2009        29,7MB        9.0.0                                unknown
Spybot - Search & Destroy        Safer Networking Limited        15.09.2010        62,0MB        1.6.2                                                        needed
Spyware Doctor 7.0        PC Tools        03.12.2009        75,3MB        7.0                                                                                needed

Steam        Valve Corporation        15.06.2011        35,5MB        1.0.0.0
System Requirements Lab                06.08.2009        0,38MB                                                        unknown
TeamSpeak 3 Client        TeamSpeak Systems GmbH        15.09.2010        30,6MB                                        needed
TERA        Frogster Online Gaming GmbH        18.04.2012        1.855MB        16.04                                        needed
Ubisoft Game Launcher        UBISOFT        01.04.2010        22,2MB        1.0.0.0                                                needed
Unity Web Player        Unity Technologies ApS        25.11.2011        0,20MB                                        unknown

Veetle TV        Veetle, Inc        12.08.2011        9,89MB        0.9.18                                                unnecessary
Ventrilo Client        Flagship Industries, Inc.        21.10.2010        4,43MB        3.0.5                                needed
Vista Codec Package        Shark007        06.06.2009        46,4MB        5.2.9                                        unknown
VoiceOver Kit        Apple Inc.        07.02.2011        41,8MB        1.40.128.0                                        unknown
Windows Live ID Sign-in Assistant        Microsoft Corporation        29.03.2012        4,69MB        6.500.3165.0        unknown

Windows Media Player Firefox Plugin        Microsoft Corp        06.06.2009        0,29MB        1.0.0.8                        needed
WinRAR                28.07.2009        3,73MB                                                                        needed
ZoneAlarm Free        Check Point        21.11.2011        24,8MB        10.1.065.000                                        needed
ZoneAlarm-Sicherheit Toolbar        ZoneAlarm-Sicherheit        21.11.2011        4,79MB                                needed


markusg 20.04.2012 09:05

Uninstall:
Adobe Flash Player: all of them
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check the box for using only certified plug-ins.
Internet:
Everything here should be disabled; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, uncheck the box for using JavaScript.
Under Updater, select automatic installation.
Apply / OK

Uninstall:
AliceHilfe
CD-LabelPrint
Google: both
Java(TM) 6 Update 7
Microsoft Games: both
Microsoft Silverlight
Opera
Skype Toolbars

Free Internet calls with Skype. Call phones cheaply online
Install Skype 5.

Uninstall:
Spelling Dictionaries
Spybot: better to use Malwarebytes from time to time, after updating it.
Spyware Doctor
Unity
Veetle
Vista Codec
Windows Live
ZoneAlarm: can go as well; desktop firewalls are unreliable and 99% of the time useless anyway.

Open OTL, clean up; the PC will restart.
Open CCleaner, Analyze, Run Cleaner, restart the PC, and test how the system runs.

Jouhan 23.05.2012 11:01

Everything is done so far. The system has been running stably up to now. :)

