Trojan.downloader/ Malwarebyte findet ihn als scr-Datei

schikum · 07.03.2011, 15:15

Hallo
Routine-Check mit Malwarebyte brachte den Schädling ans Licht. Wurde von einem Benutzer als Bild-Datei runtergeladen.
Gebrauchsmässig sind keine Auffälligkeiten zu bemerken. Gemäss Log hat es keine Spuren im System.
Kann bitte jemand die LOGS noch durchschauen?
Vielen Dank schon mal.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5950

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

04.03.2011 18:33:49
mbam-log-2011-03-04 (18-33-49).txt

Scan type: Quick scan
Objects scanned: 243993
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\D***\downloads\dsc002741436-jpg.scr (Trojan.Downloader) -> Quarantined and deleted successfully.
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.03.2011 14:13:14 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
766.00 Mb Total Physical Memory | 178.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 16.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.37 Gb Total Space | 23.12 Gb Free Space | 34.32% Space Free | Partition Type: NTFS
Drive D: | 18.05 Gb Total Space | 14.71 Gb Free Space | 81.46% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 11.37 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc.              )
DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.10 10:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.07 12:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.02.07 12:04:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.07 12:10:21 | 000,000,000 | ---D | M]
 
[2011.01.10 16:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.04 10:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dg6w4qzz.default\extensions
[2011.01.24 18:02:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papi_2\AppData\Roaming\mozilla\Firefox\Profiles\dg6w4qzz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.10 12:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.04 09:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.10 12:36:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.05.03 22:07:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.05.04 09:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.10 12:36:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.10 12:35:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[1999.12.31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.12.23 10:38:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.23 10:38:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.23 10:38:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.23 10:38:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.23 10:38:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.03 21:56:45 | 000,393,089 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 13577 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1031" /heur:80 /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\Alwil Software\Avast5") - C:\Windows\System32\aswBoot.exe (AVAST Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.07 14:11:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Papi_2\Desktop\OTL.exe
[2011.03.04 15:00:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.04 14:59:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.04 14:59:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.04 14:59:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.04 14:54:35 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Papi_2\Desktop\JavaRa.exe
[2011.02.15 11:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
[2011.02.15 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Paltalk
[2011.02.07 12:17:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2011.02.07 12:08:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Tracker Software
[2011.02.07 12:05:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.02.07 11:56:38 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 10
[2011.02.07 11:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.02.07 11:42:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.07 14:20:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1BFB3293-EF92-4B48-9A04-6CD7BB761264}.job
[2011.03.07 14:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC40EB32-6746-476B-B344-A254A4A4164C}.job
[2011.03.07 14:19:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.07 14:13:07 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.07 14:13:07 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.07 14:13:07 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.07 14:13:07 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.07 14:10:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.07 13:41:31 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.07 13:41:30 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.07 12:56:27 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.07 10:41:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.06 17:59:59 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy -  Scheduled Task.job
[2011.03.06 17:50:00 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
[2011.03.06 17:48:09 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7722009-357A-4531-B3FD-B2D50AFA77F8}.job
[2011.03.06 16:30:07 | 803,717,120 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.04 18:17:59 | 000,000,294 | ---- | M] () -- C:\Users\***\Documents\cc_20110304_181756.reg
[2011.03.04 18:17:39 | 000,006,096 | ---- | M] () -- C:\Users\***\Documents\cc_20110304_181734.reg
[2011.03.04 15:27:11 | 189,358,834 | ---- | M] () -- C:\Users\***\Documents\Thunderbird emails.zip
[2011.03.04 11:31:49 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.15 11:20:24 | 000,001,312 | ---- | M] () -- C:\Users\Papi_2\Desktop\Upgrade to Paltalk Extreme.lnk
[2011.02.07 12:06:22 | 000,001,034 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2011.02.07 11:22:09 | 000,000,930 | ---- | M] () -- C:\Users\***\Desktop\Malwarebytes' Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2011.03.04 18:17:58 | 000,000,294 | ---- | C] () -- C:\Users\***\Documents\cc_20110304_181756.reg
[2011.03.04 18:17:37 | 000,006,096 | ---- | C] () -- C:\Users\***\Documents\cc_20110304_181734.reg
[2011.03.04 15:26:17 | 189,358,834 | ---- | C] () -- C:\Users\***\Documents\Thunderbird emails.zip
[2011.03.04 14:54:35 | 000,299,233 | ---- | C] () -- C:\Users\***\Desktop\JavaRa.def
[2011.03.04 14:54:35 | 000,002,699 | ---- | C] () -- C:\Users\***\Desktop\Deutsch.lng
[2011.02.15 11:20:24 | 000,001,312 | ---- | C] () -- C:\Users\***\Desktop\Upgrade to Paltalk Extreme.lnk
[2011.02.07 12:06:22 | 000,001,034 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2011.02.07 11:56:44 | 000,001,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk
[2011.02.07 11:22:09 | 000,000,930 | ---- | C] () -- C:\Users\***\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.06 10:17:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.06 10:17:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.06 10:17:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.06 10:17:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.06 10:17:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.06 15:38:54 | 000,027,136 | ---- | C] () -- C:\Windows\System32\qtuninst.dll
[2010.05.03 13:23:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.06.19 11:27:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.06.19 11:26:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007.06.19 11:03:27 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.06.19 11:03:27 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.06.19 11:03:27 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.06.19 11:03:27 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,264,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 17:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2011.02.07 12:05:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.02.15 11:21:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Paltalk
[2011.01.24 14:44:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.03.06 16:29:00 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.07 14:20:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1BFB3293-EF92-4B48-9A04-6CD7BB761264}.job
[2011.03.06 17:48:09 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C7722009-357A-4531-B3FD-B2D50AFA77F8}.job
[2011.03.07 14:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC40EB32-6746-476B-B344-A254A4A4164C}.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.03.2011 14:13:14 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
766.00 Mb Total Physical Memory | 178.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 16.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.37 Gb Total Space | 23.12 Gb Free Space | 34.32% Space Free | Partition Type: NTFS
Drive D: | 18.05 Gb Total Space | 14.71 Gb Free Space | 81.46% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 11.37 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Papi_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02154BC4-1AD1-42B9-8CF0-007B95508328}" = rport=137 | protocol=17 | dir=out | app=system | 
"{221E9536-84C0-4E3E-9503-E7DD089D7E6C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{25874692-0119-4B09-BCB0-7B8E6EC0F890}" = lport=137 | protocol=17 | dir=in | app=system | 
"{27EF7E56-DA90-4FED-AF74-696C3ED1968A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3DFB12C1-1B35-4263-B2BA-36D3A4EC7833}" = rport=138 | protocol=17 | dir=out | app=system | 
"{736BE601-3A8C-444C-83A9-E0FFB0E00036}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{757DF415-162A-43A0-8955-6DC26C26C2F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AB5CE33C-89AD-4C5E-A9BB-62172F0BCA76}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FC1FBE63-BD8F-447F-B56C-72FFE81C3006}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FDF756E8-05E4-4FEA-A25C-181C42F8028D}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F33E9A8-E7CE-4F1D-9129-13C496817642}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8A483478-E941-4817-B5B8-06BEEE876EC6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A536EF0D-93E8-4BA3-A835-FDB4D1D06690}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CBEE3076-42AF-471D-B1AC-C4D610803AC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{2362613A-DC29-49D3-96FE-18B78302A208}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"TCP Query User{7DFC5FB3-3D50-4958-8E24-C6CACA1A6AD4}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
"TCP Query User{A2D99657-B7E0-4FB3-B357-5F341A5B0D1F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{CB38C08A-8697-4957-A894-CFE92D159F7F}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"TCP Query User{CCE6FF6C-B6EF-467C-98D0-6F6EA251F1C7}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
"TCP Query User{E82C61CC-C169-4862-AEB6-28D8BC283AFB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{EF3B63AB-D6B8-49CD-9F97-002FC10669F7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{1407CE4F-343C-411B-88B7-61BF702F737E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{17C053C8-82FA-4386-81F5-BE2DC4BCBF26}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"UDP Query User{2284DFE3-2259-48BF-B13A-D3B60DFE5051}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{42D3237C-45FA-479A-B71D-8BD69DC6121B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{74C36499-E2FE-44FB-B010-76F2B4F3B1EF}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
"UDP Query User{9E7A116B-2A25-4FDD-A641-CE1297289F2C}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"UDP Query User{BD31A2BB-574C-45D7-B7E6-8B19879192AB}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"{DFF5C119-2948-4A12-B330-357ED7D4295E}" = GoGear Spark Device Manager
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"avast5" = avast! Free Antivirus
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OnlineBible" = Online Bibel 10.95
"PalTalk8.2" = Paltalk Messenger
"PhotoScape" = PhotoScape
"QuickTime 3.0" = QuickTime 3.0
"Recuva" = Recuva
"Speccy" = Speccy
"VIA Chrome9 HC IGP Windows Vista Display" = VIA Chrome9 HC IGP Windows Vista Display
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 18.05.2010 10:55:20 | Computer Name = Family-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 31.05.2010 10:51:37 | Computer Name = Family-PC | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 03.03.2011 11:48:59 | Computer Name = Family-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 04.03.2011 05:08:36 | Computer Name = Family-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 04.03.2011 08:00:28 | Computer Name = Family-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 04.03.2011 09:17:18 | Computer Name = Family-PC | Source = EventSystem | ID = 4622
Description = 
 
Error - 04.03.2011 09:17:18 | Computer Name = Family-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.03.2011 09:48:02 | Computer Name = Family-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.03.2011 10:50:36 | Computer Name = Family-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.03.2011 13:20:03 | Computer Name = Family-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 05.03.2011 12:14:09 | Computer Name = Family-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 06.03.2011 12:30:25 | Computer Name = Family-PC | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 04.03.2011 07:02:38 | Computer Name = Family-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 04.03.2011 12:21:49 | Computer Name = Family-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 04.03.2011 13:13:16 | Computer Name = Family-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 04.03.2011 13:36:36 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 04.03.2011 17:51:32 | Computer Name = Family-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 05.03.2011 12:14:56 | Computer Name = Family-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 05.03.2011 14:55:17 | Computer Name = Family-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 06.03.2011 11:28:56 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 06.03.2011 11:28:56 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 06.03.2011 11:31:58 | Computer Name = Family-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

--- --- ---

markusg · 07.03.2011, 15:43

wieso hat das windows noch nie updates gesehen?

schikum · 07.03.2011, 16:13

Kein windows-update?
das ist wirklich komisch, habe ich doch schon mal manuell gemacht...........und ansonsten automatisch.

werd ich in dem falle mal nachholen, woran hast du das gemerkt?

ich hab mal nachgeschaut: das letzte automatische vista update ist vom 27.7.10, defender aktuell heute. wenn ich suche, meldet der dienst, es gäbe kein aktuelles update für vista. das ist ein laptop mit vista basic.

auf dem pc hab ich aber updates vom 10.2.11, ist allerdings vista premium. macht das einen unterschied im update?

markusg · 07.03.2011, 16:17

blödsinn, dieser pc bekommt keine automatischen updates mehr.
du hast weder servicepack 1 noch servicepack 2
Windows 6.0.6000
könnte sein das die unter optionale updates auszuwählen sind, musst mal schauen.

schikum · 07.03.2011, 16:31

ich hab noch was editiert vorher, bitte beachten.
komischerweise läuft nichts bei manueller update-suche.
also letztes update für vista vom juli 2010.
wie meinst du das mit optional?

markusg · 07.03.2011, 16:38

du sollst windows updates aufrufen und nach updats suchen lassen, da gibts dann wichtige updates und optionale.

schikum · 07.03.2011, 16:43

ist auch komisch, dass im log der ie als browser angegeben wird. der ist zwar installiert, aber nicht benutzt. ich surfe mirt firefox. den ie hab ich eigentlich nur, weil gewisse programme den anscheinend unbedingt brauchen.

schikum · 07.03.2011, 16:44

ich hab über die systemsteuerung den update-dienst aufgerufen, (gerade eben), und er meldet mir: es sind keine updates für ihren computer verfügbar.

markusg · 07.03.2011, 16:57

stimmt den ie musst du auch auf version 8 updaten. und ja, auf den ie, bzw dateien etc greifen viele programme zu, selbst der firefox nutzt das zonen modell des ies.

schikum · 07.03.2011, 17:10

aber wie komm ich jetzt zu meinen updates, wenn es nicht über die systemsteuerung geht?

markusg · 07.03.2011, 17:19

servicepack 1:
Detail Seite Windows Vista Service Pack 1 Five Language Standalone (KB936330)
servicepack 2:
Detail Seite Windows Server 2008 Service Pack 2 und Windows Vista Service Pack 2 - Five Language Standalone (KB948465)
internet explorer 8:
Mit Sicherheit ins Internet.
windows update:
Microsoft Windows Update
da dann so lange updates instalieren bis es keine mehr gibt

schikum · 07.03.2011, 17:22

hab mich schon mal selber schlauer gemacht von diesem link: hxxp://support.microsoft.com/kb/935791/de#downloadsteps
wirklich: keine service-packs vorhanden............komisch!
ok, das nehm ich baldigst an die hand, im link muss ich wohl die dritte möglichkeit wählen.

kannst du schon was zu den log files sagen, wegen diesem trojaner?

schikum · 07.03.2011, 17:25

oh gut, danke für die links!
werd ich machen.

markusg · 07.03.2011, 17:25

nichts gesehen.
aber ohne updates läufst du gefahr das du bald infiziert wirst.
außerdem benötigen die meisten programme die servicepacks um richtig zu funktionieren

schikum · 07.03.2011, 17:32

ok, dann werd ich mich heut noch dranmachen.
vielen dank und super hast du einen offenen blick gehabt

07.03.2011, 15:43	#2
markusg /// Malware-holic	Trojan.downloader/ Malwarebyte findet ihn als scr-Datei wieso hat das windows noch nie updates gesehen? __________________ __________________

07.03.2011, 16:38	#6
markusg /// Malware-holic	Trojan.downloader/ Malwarebyte findet ihn als scr-Datei du sollst windows updates aufrufen und nach updats suchen lassen, da gibts dann wichtige updates und optionale. __________________ --> Trojan.downloader/ Malwarebyte findet ihn als scr-Datei

Trojan.downloader/ Malwarebyte findet ihn als scr-Datei

Log-Analyse und Auswertung: Trojan.downloader/ Malwarebyte findet ihn als scr-Datei