AVG findet ständig den Trojaner Generic 17.BTYT

58Divad91 · 09.05.2010, 21:18

Guten Abend.

Ich habe das Problem seit gestern. Neben den dauernden Funden öffnet sich auch ständig der Internet Explorer mit irgendwelchen Werbungsseiten.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4084

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.05.2010 22:05:32
mbam-log-2010-05-09 (22-05-32).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 114671
Laufzeit: 5 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-4480008914-7969877806-619256613-0165\mgrls32.exe,C:\RECYCLER\S-1-5-21-7646174689-0760735641-917597974-0094\mgrls32.exe,C:\RECYCLER\S-1-5-21-2468306877-0664425142-686917256-4970\mgrls32.exe,C:\RECYCLER\S-1-5-21-3928710477-4636649543-707606672-5643\mgrls32.exe,C:\RECYCLER\S-1-5-21-2636442893-2972751270-311046325-5175\mgrls32.exe,C:\RECYCLER\S-1-5-21-0394492057-4020255423-994094715-8815\mgrls32.exe,C:\RECYCLER\S-1-5-21-9006084975-8962305842-403298381-9423\mgrls32.exe,C:\RECYCLER\S-1-5-21-3931207719-2266119832-522709194-9648\mgrls32.exe,C:\RECYCLER\S-1-5-21-8259455756-9093108046-593233449-4044\mgrls32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0190469821-5224077591-459140576-4458\mgrls32.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\RECYCLER\S-1-5-21-0190469821-5224077591-459140576-4458\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0394492057-4020255423-994094715-8815\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2468306877-0664425142-686917256-4970\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2636442893-2972751270-311046325-5175\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3928710477-4636649543-707606672-5643\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3931207719-2266119832-522709194-9648\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-4480008914-7969877806-619256613-0165\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-7646174689-0760735641-917597974-0094\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-8259455756-9093108046-593233449-4044\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-9006084975-8962305842-403298381-9423\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\jcpuaxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Local\Temp\Ash.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

---

OTL logfile created on: 09.05.2010 22:12:53 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Stefan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,42 Gb Total Space | 137,44 Gb Free Space | 59,13% Space Free | Partition Type: NTFS
Drive D: | 1,46 Gb Total Space | 1,42 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
Drive E: | 231,87 Gb Total Space | 231,51 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEFAN-PC
Current User Name: Stefan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE E4 97 31 BD EE CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.23 19:56:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.23 19:55:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.08 19:43:15 | 000,000,000 | ---D | M]

[2010.03.03 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2010.05.09 21:12:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\letz8p2x.default\extensions
[2010.03.03 14:48:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\letz8p2x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.09 21:12:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\letz8p2x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.03 15:47:00 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\letz8p2x.default\extensions\firefox@tvunetworks.com
[2010.05.08 19:43:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.08 19:43:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{008ed5d8-18c6-11df-b36f-fc8ce60d8993}\Shell - "" = AutoRun
O33 - MountPoints2\{008ed5d8-18c6-11df-b36f-fc8ce60d8993}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.09 21:57:54 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2010.05.09 21:57:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.09 21:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.09 21:57:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.09 21:57:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.09 21:46:48 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.09 21:17:56 | 000,000,000 | ---D | C] -- C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.05.09 21:17:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.05.08 19:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.08 19:43:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.05.08 19:43:15 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.08 19:43:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.08 19:43:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.08 19:43:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.08 16:37:06 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010.05.01 15:26:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2010.04.24 15:44:16 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\06FCF4F30DB0B17BADD9408258515561
[2010.04.24 08:25:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\vlc
[2010.04.24 08:24:17 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.04.23 19:55:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared
[2010.04.14 08:11:51 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 08:11:50 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 08:11:49 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 08:11:46 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 08:11:46 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.09 22:15:01 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\jcpuaxx.sys
[2010.05.09 22:12:10 | 002,359,296 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT
[2010.05.09 22:10:58 | 000,053,920 | ---- | M] () -- C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.09 22:10:50 | 000,052,878 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.09 22:10:50 | 000,052,878 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.09 22:10:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.09 22:10:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.09 22:10:28 | 000,247,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.09 22:10:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.09 22:10:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.09 22:09:57 | 1878,319,104 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.09 22:08:46 | 000,524,288 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.09 22:08:46 | 000,065,536 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.09 22:08:43 | 001,977,195 | -H-- | M] () -- C:\Users\Stefan\AppData\Local\IconCache.db
[2010.05.09 21:57:44 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.09 21:55:12 | 000,013,358 | ---- | M] () -- C:\Users\Stefan\Documents\cc_20100509_215452.reg
[2010.05.09 21:46:50 | 000,001,675 | ---- | M] () -- C:\Users\Stefan\Desktop\CCleaner.lnk
[2010.05.09 17:48:30 | 059,766,168 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.05.09 13:37:23 | 003,777,591 | R--- | M] () -- C:\Users\Stefan\Desktop\K_naan___David_Bisbal_-_Wavin__Flag.mp3
[2010.05.09 13:21:43 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.09 13:21:43 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.09 13:21:43 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.09 13:21:43 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.09 13:21:43 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.07 14:02:25 | 000,018,432 | ---- | M] () -- C:\Users\Stefan\Documents\Training dbdt.xls
[2010.05.03 12:39:39 | 000,132,058 | ---- | M] () -- C:\Users\Stefan\Documents\Aggressive_Geschaeftspraktiken-Handout.pdf
[2010.05.03 12:33:09 | 000,058,880 | ---- | M] () -- C:\Users\Stefan\Documents\Irreführende Geschäftspraktiken.doc
[2010.05.03 12:23:08 | 000,064,512 | ---- | M] () -- C:\Users\Stefan\Documents\Zivilverfahren.doc
[2010.05.02 10:55:20 | 000,064,000 | ---- | M] () -- C:\Users\Stefan\Documents\ZPO judikatur.doc
[2010.04.30 15:11:22 | 000,078,336 | ---- | M] () -- C:\Users\Stefan\Documents\Österreichisches Anwaltsblatt 2006.doc
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.26 14:19:02 | 000,046,592 | ---- | M] () -- C:\Users\Stefan\Desktop\Handout.doc
[2010.04.26 09:20:26 | 000,053,920 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.04.24 08:24:24 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.23 19:56:07 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.04.23 19:55:55 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.04.23 19:55:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010.04.23 19:55:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.04.23 19:54:51 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.04.21 09:45:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.04.12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.09 21:57:44 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.09 21:55:09 | 000,013,358 | ---- | C] () -- C:\Users\Stefan\Documents\cc_20100509_215452.reg
[2010.05.09 21:46:50 | 000,001,675 | ---- | C] () -- C:\Users\Stefan\Desktop\CCleaner.lnk
[2010.05.09 13:37:23 | 003,777,591 | R--- | C] () -- C:\Users\Stefan\Desktop\K_naan___David_Bisbal_-_Wavin__Flag.mp3
[2010.05.08 16:39:16 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\jcpuaxx.sys
[2010.05.03 12:39:39 | 000,132,058 | ---- | C] () -- C:\Users\Stefan\Documents\Aggressive_Geschaeftspraktiken-Handout.pdf
[2010.05.03 12:33:09 | 000,058,880 | ---- | C] () -- C:\Users\Stefan\Documents\Irreführende Geschäftspraktiken.doc
[2010.04.30 15:11:21 | 000,078,336 | ---- | C] () -- C:\Users\Stefan\Documents\Österreichisches Anwaltsblatt 2006.doc
[2010.04.28 23:10:51 | 000,064,512 | ---- | C] () -- C:\Users\Stefan\Documents\Zivilverfahren.doc
[2010.04.27 17:29:58 | 000,064,000 | ---- | C] () -- C:\Users\Stefan\Documents\ZPO judikatur.doc
[2010.04.26 14:19:02 | 000,046,592 | ---- | C] () -- C:\Users\Stefan\Desktop\Handout.doc
[2010.04.25 14:55:46 | 000,965,760 | ---- | C] () -- C:\Users\Stefan\Desktop\101_1633.JPG
[2010.04.24 08:24:24 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.23 20:13:05 | 000,000,949 | ---- | C] () -- C:\Users\Stefan\Desktop\Windows Media Player.lnk
[2010.04.23 19:56:07 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.03.04 15:52:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.03 15:10:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

OTL Extras logfile created on: 09.05.2010 22:12:53 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Stefan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,42 Gb Total Space | 137,44 Gb Free Space | 59,13% Space Free | Partition Type: NTFS
Drive D: | 1,46 Gb Total Space | 1,42 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
Drive E: | 231,87 Gb Total Space | 231,51 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEFAN-PC
Current User Name: Stefan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [BIPA FotoShop] -- "C:\Program Files\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C82792-DF89-4EBB-A63D-49ACCE97EFE0}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{60565E30-2C9C-48B6-87F2-93A01785792E}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{EEA9051F-9C5A-4AF6-8B4D-9E20651E0138}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"TCP Query User{030DE965-EDB6-4AC0-9805-8C7300215E8A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{0657988D-55B1-4CD1-B587-94C762F5A862}C:\users\stefan\appdata\local\temp\nrktcvy.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\nrktcvy.exe |
"TCP Query User{5C746AB5-5EC9-4742-AF6B-C4CB7F74B624}C:\users\stefan\appdata\local\temp\khvcol.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\khvcol.exe |
"TCP Query User{B29CAA99-5248-4BA1-B00A-D9A6A1BBFF06}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{BF43FADC-076C-4EB1-8D16-ECF9EB47F443}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{BFAF8612-2B1E-4C3D-899E-A24660FFD209}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D6342BC1-3328-4FB1-BED4-D15E552025AF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F589B205-A8C8-4D5A-B322-5EE94D3F4C67}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{362A698F-3BFC-42F1-8269-88882F850243}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4AED3DDE-0FA3-4621-9A62-6DBE6E987783}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{90E29CFE-24DA-47D7-BC4C-6B11B359E2F5}C:\users\stefan\appdata\local\temp\khvcol.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\khvcol.exe |
"UDP Query User{A5477C4D-4869-4E4D-A165-4960C7117BDE}C:\users\stefan\appdata\local\temp\nrktcvy.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\nrktcvy.exe |
"UDP Query User{B3E38714-628A-4917-823D-1B3D9676DDB2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B454AF3F-B9E9-4140-8D4D-4C22C80641FB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{CDEECFFF-80A5-4A3D-AF3E-043838413DBE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{D14D5315-B89C-4BFB-B06C-B7ECEF5B4383}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"BIPA FotoShop" = BIPA FotoShop
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.9
"TVUPlayer" = TVUPlayer 2.5.2.2
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.05.2010 10:48:32 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BNEF5D.tmp, Version 0.0.0.0, Zeitstempel 0x4bd73d0e,
fehlerhaftes Modul BNEF5D.tmp, Version 0.0.0.0, Zeitstempel 0x4bd73d0e, Ausnahmecode
0xc0000005, Fehleroffset 0x00001c71, Prozess-ID 0x36c, Anwendungsstartzeit 01caeebd87aa323e.

Error - 08.05.2010 10:48:34 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3743, Zeitstempel
0x4bb4be02, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e037dd, Ausnahmecode 0xc0000096, Fehleroffset 0x000c9bc1, Prozess-ID 0xbb4,
Anwendungsstartzeit 01caeebc97c80a3e.

Error - 08.05.2010 10:49:00 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6002.18005, Zeitstempel
0x49e01da5, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e037dd, Ausnahmecode 0xc0000096, Fehleroffset 0x000c9bc1, Prozess-ID 0x1310,
Anwendungsstartzeit 01caeebd8825460e.

Error - 08.05.2010 10:49:04 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BN6A17.tmp, Version 0.0.0.0, Zeitstempel 0x4bd73d0e,
fehlerhaftes Modul BN6A17.tmp, Version 0.0.0.0, Zeitstempel 0x4bd73d0e, Ausnahmecode
0xc0000005, Fehleroffset 0x00001c71, Prozess-ID 0x134c, Anwendungsstartzeit 01caeebd9a7012ee.

Error - 08.05.2010 10:49:08 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mobsync.exe, Version 6.0.6001.18000, Zeitstempel
0x47918e41, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e037dd, Ausnahmecode 0xc0000096, Fehleroffset 0x000c9bc1, Prozess-ID 0xf94,
Anwendungsstartzeit 01caeebc9a9bac3e.

Error - 08.05.2010 10:51:59 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.05.2010 12:34:31 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x000a0ce9, Prozess-ID 0x1134,
Anwendungsstartzeit 01caeecbeac22037.

Error - 08.05.2010 15:09:49 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
0x4b835fec, fehlerhaftes Modul Flash10e.ocx, Version 10.0.45.2, Zeitstempel 0x4b5f8faa,
Ausnahmecode 0xc0000005, Fehleroffset 0x0012c71c, Prozess-ID 0x174c, Anwendungsstartzeit
01caeee1c33ffb77.

Error - 09.05.2010 02:34:07 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.05.2010 16:11:39 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 23.04.2010 02:39:08 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 192.168.100.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 23.04.2010 02:39:39 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.100.2 über die
Netzwerkkarte mit der Netzwerkadresse 002185F9F848 ist verloren gegangen.

Error - 23.04.2010 14:09:44 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 24.04.2010 01:38:25 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 25.04.2010 02:02:30 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 25.04.2010 07:15:27 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 25.04.2010 08:55:02 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 26.04.2010 01:43:36 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 26.04.2010 08:00:00 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 26.04.2010 11:29:43 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.109.219.153 für die Netzwerkkarte mit der Netzwerkadresse
002185F9F848 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

< End of report >

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:56, on 09.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Stefan\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

End of file - 3805 bytes

---

Ich bedanke mich schon mal vorwegs für eure Bemühung!

cosinus · 10.05.2010, 13:51

Hallo und

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte einen Vollscan machen.

AVG findet ständig den Trojaner Generic 17.BTYT

Plagegeister aller Art und deren Bekämpfung: AVG findet ständig den Trojaner Generic 17.BTYT

AVG findet ständig den Trojaner Generic 17.BTYT

AVG findet ständig den Trojaner Generic 17.BTYT

Ähnliche Themen: AVG findet ständig den Trojaner Generic 17.BTYT