Trojaner-Board, Plagegeister aller Art und deren Bekämpfung: AVG keeps finding the Trojan Generic 17.BTYT

09.05.2010, 22:18   #1
58Divad91

Good evening.

I have had this problem since yesterday. Besides the constant detections, Internet Explorer also keeps opening on its own with random advertising pages.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org


Datenbank Version: 4084

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.05.2010 22:05:32
mbam-log-2010-05-09 (22-05-32).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 114671
Laufzeit: 5 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-4480008914-7969877806-619256613-0165\mgrls32.exe,C:\RECYCLER\S-1-5-21-7646174689-0760735641-917597974-0094\mgrls32.exe,C:\RECYCLER\S-1-5-21-2468306877-0664425142-686917256-4970\mgrls32.exe,C:\RECYCLER\S-1-5-21-3928710477-4636649543-707606672-5643\mgrls32.exe,C:\RECYCLER\S-1-5-21-2636442893-2972751270-311046325-5175\mgrls32.exe,C:\RECYCLER\S-1-5-21-0394492057-4020255423-994094715-8815\mgrls32.exe,C:\RECYCLER\S-1-5-21-9006084975-8962305842-403298381-9423\mgrls32.exe,C:\RECYCLER\S-1-5-21-3931207719-2266119832-522709194-9648\mgrls32.exe,C:\RECYCLER\S-1-5-21-8259455756-9093108046-593233449-4044\mgrls32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0190469821-5224077591-459140576-4458\mgrls32.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\RECYCLER\S-1-5-21-0190469821-5224077591-459140576-4458\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0394492057-4020255423-994094715-8815\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2468306877-0664425142-686917256-4970\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2636442893-2972751270-311046325-5175\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3928710477-4636649543-707606672-5643\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3931207719-2266119832-522709194-9648\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-4480008914-7969877806-619256613-0165\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-7646174689-0760735641-917597974-0094\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-8259455756-9093108046-593233449-4044\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-9006084975-8962305842-403298381-9423\mgrls32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\jcpuaxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Stefan\AppData\Local\Temp\Ash.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


---

OTL logfile created on: 09.05.2010 22:12:53 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Stefan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,42 Gb Total Space | 137,44 Gb Free Space | 59,13% Space Free | Partition Type: NTFS
Drive D: | 1,46 Gb Total Space | 1,42 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
Drive E: | 231,87 Gb Total Space | 231,51 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEFAN-PC
Current User Name: Stefan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE E4 97 31 BD EE CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.23 19:56:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.23 19:55:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.08 19:43:15 | 000,000,000 | ---D | M]

[2010.03.03 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2010.05.09 21:12:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\letz8p2x.default\extensions
[2010.03.03 14:48:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\letz8p2x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.09 21:12:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\letz8p2x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.03 15:47:00 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\letz8p2x.default\extensions\firefox@tvunetworks.com
[2010.05.08 19:43:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.08 19:43:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{008ed5d8-18c6-11df-b36f-fc8ce60d8993}\Shell - "" = AutoRun
O33 - MountPoints2\{008ed5d8-18c6-11df-b36f-fc8ce60d8993}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.09 21:57:54 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2010.05.09 21:57:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.09 21:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.09 21:57:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.09 21:57:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.09 21:46:48 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.09 21:17:56 | 000,000,000 | ---D | C] -- C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.05.09 21:17:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.05.08 19:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.08 19:43:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.05.08 19:43:15 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.08 19:43:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.08 19:43:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.08 19:43:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.08 16:37:06 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010.05.01 15:26:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx
[2010.04.24 15:44:16 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\06FCF4F30DB0B17BADD9408258515561
[2010.04.24 08:25:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\vlc
[2010.04.24 08:24:17 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.04.23 19:55:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared
[2010.04.14 08:11:51 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 08:11:50 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 08:11:49 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 08:11:46 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 08:11:46 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.09 22:15:01 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\jcpuaxx.sys
[2010.05.09 22:12:10 | 002,359,296 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT
[2010.05.09 22:10:58 | 000,053,920 | ---- | M] () -- C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.09 22:10:50 | 000,052,878 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.09 22:10:50 | 000,052,878 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.09 22:10:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.09 22:10:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.09 22:10:28 | 000,247,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.09 22:10:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.09 22:10:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.09 22:09:57 | 1878,319,104 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.09 22:08:46 | 000,524,288 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.09 22:08:46 | 000,065,536 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.09 22:08:43 | 001,977,195 | -H-- | M] () -- C:\Users\Stefan\AppData\Local\IconCache.db
[2010.05.09 21:57:44 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.09 21:55:12 | 000,013,358 | ---- | M] () -- C:\Users\Stefan\Documents\cc_20100509_215452.reg
[2010.05.09 21:46:50 | 000,001,675 | ---- | M] () -- C:\Users\Stefan\Desktop\CCleaner.lnk
[2010.05.09 17:48:30 | 059,766,168 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.05.09 13:37:23 | 003,777,591 | R--- | M] () -- C:\Users\Stefan\Desktop\K_naan___David_Bisbal_-_Wavin__Flag.mp3
[2010.05.09 13:21:43 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.09 13:21:43 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.09 13:21:43 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.09 13:21:43 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.09 13:21:43 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.07 14:02:25 | 000,018,432 | ---- | M] () -- C:\Users\Stefan\Documents\Training dbdt.xls
[2010.05.03 12:39:39 | 000,132,058 | ---- | M] () -- C:\Users\Stefan\Documents\Aggressive_Geschaeftspraktiken-Handout.pdf
[2010.05.03 12:33:09 | 000,058,880 | ---- | M] () -- C:\Users\Stefan\Documents\Irreführende Geschäftspraktiken.doc
[2010.05.03 12:23:08 | 000,064,512 | ---- | M] () -- C:\Users\Stefan\Documents\Zivilverfahren.doc
[2010.05.02 10:55:20 | 000,064,000 | ---- | M] () -- C:\Users\Stefan\Documents\ZPO judikatur.doc
[2010.04.30 15:11:22 | 000,078,336 | ---- | M] () -- C:\Users\Stefan\Documents\Österreichisches Anwaltsblatt 2006.doc
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.26 14:19:02 | 000,046,592 | ---- | M] () -- C:\Users\Stefan\Desktop\Handout.doc
[2010.04.26 09:20:26 | 000,053,920 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.04.24 08:24:24 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.23 19:56:07 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.04.23 19:55:55 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.04.23 19:55:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010.04.23 19:55:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.04.23 19:54:51 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.04.21 09:45:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.04.12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.09 21:57:44 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.09 21:55:09 | 000,013,358 | ---- | C] () -- C:\Users\Stefan\Documents\cc_20100509_215452.reg
[2010.05.09 21:46:50 | 000,001,675 | ---- | C] () -- C:\Users\Stefan\Desktop\CCleaner.lnk
[2010.05.09 13:37:23 | 003,777,591 | R--- | C] () -- C:\Users\Stefan\Desktop\K_naan___David_Bisbal_-_Wavin__Flag.mp3
[2010.05.08 16:39:16 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\jcpuaxx.sys
[2010.05.03 12:39:39 | 000,132,058 | ---- | C] () -- C:\Users\Stefan\Documents\Aggressive_Geschaeftspraktiken-Handout.pdf
[2010.05.03 12:33:09 | 000,058,880 | ---- | C] () -- C:\Users\Stefan\Documents\Irreführende Geschäftspraktiken.doc
[2010.04.30 15:11:21 | 000,078,336 | ---- | C] () -- C:\Users\Stefan\Documents\Österreichisches Anwaltsblatt 2006.doc
[2010.04.28 23:10:51 | 000,064,512 | ---- | C] () -- C:\Users\Stefan\Documents\Zivilverfahren.doc
[2010.04.27 17:29:58 | 000,064,000 | ---- | C] () -- C:\Users\Stefan\Documents\ZPO judikatur.doc
[2010.04.26 14:19:02 | 000,046,592 | ---- | C] () -- C:\Users\Stefan\Desktop\Handout.doc
[2010.04.25 14:55:46 | 000,965,760 | ---- | C] () -- C:\Users\Stefan\Desktop\101_1633.JPG
[2010.04.24 08:24:24 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.04.23 20:13:05 | 000,000,949 | ---- | C] () -- C:\Users\Stefan\Desktop\Windows Media Player.lnk
[2010.04.23 19:56:07 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.03.04 15:52:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.03 15:10:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

OTL Extras logfile created on: 09.05.2010 22:12:53 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Stefan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,42 Gb Total Space | 137,44 Gb Free Space | 59,13% Space Free | Partition Type: NTFS
Drive D: | 1,46 Gb Total Space | 1,42 Gb Free Space | 96,99% Space Free | Partition Type: NTFS
Drive E: | 231,87 Gb Total Space | 231,51 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEFAN-PC
Current User Name: Stefan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [BIPA FotoShop] -- "C:\Program Files\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C82792-DF89-4EBB-A63D-49ACCE97EFE0}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{60565E30-2C9C-48B6-87F2-93A01785792E}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{EEA9051F-9C5A-4AF6-8B4D-9E20651E0138}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"TCP Query User{030DE965-EDB6-4AC0-9805-8C7300215E8A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{0657988D-55B1-4CD1-B587-94C762F5A862}C:\users\stefan\appdata\local\temp\nrktcvy.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\nrktcvy.exe |
"TCP Query User{5C746AB5-5EC9-4742-AF6B-C4CB7F74B624}C:\users\stefan\appdata\local\temp\khvcol.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\khvcol.exe |
"TCP Query User{B29CAA99-5248-4BA1-B00A-D9A6A1BBFF06}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{BF43FADC-076C-4EB1-8D16-ECF9EB47F443}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{BFAF8612-2B1E-4C3D-899E-A24660FFD209}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D6342BC1-3328-4FB1-BED4-D15E552025AF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F589B205-A8C8-4D5A-B322-5EE94D3F4C67}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{362A698F-3BFC-42F1-8269-88882F850243}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4AED3DDE-0FA3-4621-9A62-6DBE6E987783}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{90E29CFE-24DA-47D7-BC4C-6B11B359E2F5}C:\users\stefan\appdata\local\temp\khvcol.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\khvcol.exe |
"UDP Query User{A5477C4D-4869-4E4D-A165-4960C7117BDE}C:\users\stefan\appdata\local\temp\nrktcvy.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\nrktcvy.exe |
"UDP Query User{B3E38714-628A-4917-823D-1B3D9676DDB2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B454AF3F-B9E9-4140-8D4D-4C22C80641FB}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{CDEECFFF-80A5-4A3D-AF3E-043838413DBE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{D14D5315-B89C-4BFB-B06C-B7ECEF5B4383}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"BIPA FotoShop" = BIPA FotoShop
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.9
"TVUPlayer" = TVUPlayer 2.5.2.2
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.05.2010 10:48:32 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application BNEF5D.tmp, version 0.0.0.0, time stamp 0x4bd73d0e,
faulting module BNEF5D.tmp, version 0.0.0.0, time stamp 0x4bd73d0e, exception code
0xc0000005, fault offset 0x00001c71, process id 0x36c, application start time 01caeebd87aa323e.

Error - 08.05.2010 10:48:34 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, time stamp
0x4bb4be02, faulting module kernel32.dll, version 6.0.6002.18005, time stamp
0x49e037dd, exception code 0xc0000096, fault offset 0x000c9bc1, process id 0xbb4,
application start time 01caeebc97c80a3e.

Error - 08.05.2010 10:49:00 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module kernel32.dll, version 6.0.6002.18005, time stamp
0x49e037dd, exception code 0xc0000096, fault offset 0x000c9bc1, process id 0x1310,
application start time 01caeebd8825460e.

Error - 08.05.2010 10:49:04 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application BN6A17.tmp, version 0.0.0.0, time stamp 0x4bd73d0e,
faulting module BN6A17.tmp, version 0.0.0.0, time stamp 0x4bd73d0e, exception code
0xc0000005, fault offset 0x00001c71, process id 0x134c, application start time 01caeebd9a7012ee.

Error - 08.05.2010 10:49:08 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application mobsync.exe, version 6.0.6001.18000, time stamp
0x47918e41, faulting module kernel32.dll, version 6.0.6002.18005, time stamp
0x49e037dd, exception code 0xc0000096, fault offset 0x000c9bc1, process id 0xf94,
application start time 01caeebc9a9bac3e.

Error - 08.05.2010 10:51:59 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.05.2010 12:34:31 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module mshtml.dll, version 8.0.6001.18904, time stamp
0x4b837769, exception code 0xc0000005, fault offset 0x000a0ce9, process id 0x1134,
application start time 01caeecbeac22037.

Error - 08.05.2010 15:09:49 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module Flash10e.ocx, version 10.0.45.2, time stamp 0x4b5f8faa,
exception code 0xc0000005, fault offset 0x0012c71c, process id 0x174c, application start time
01caeee1c33ffb77.

Error - 09.05.2010 02:34:07 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.05.2010 16:11:39 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 23.04.2010 02:39:08 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 192.168.100.1 (the DHCP server
sent a DHCPNACK message).

Error - 23.04.2010 02:39:39 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1000
Description = This computer has lost the lease to its IP address 192.168.100.2 on the
network card with network address 002185F9F848.

Error - 23.04.2010 14:09:44 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 195.34.134.211 (the DHCP server
sent a DHCPNACK message).

Error - 24.04.2010 01:38:25 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 195.34.134.211 (the DHCP server
sent a DHCPNACK message).

Error - 25.04.2010 02:02:30 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 195.34.134.211 (the DHCP server
sent a DHCPNACK message).

Error - 25.04.2010 07:15:27 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 195.34.134.211 (the DHCP server
sent a DHCPNACK message).

Error - 25.04.2010 08:55:02 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 195.34.134.211 (the DHCP server
sent a DHCPNACK message).

Error - 26.04.2010 01:43:36 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 195.34.134.211 (the DHCP server
sent a DHCPNACK message).

Error - 26.04.2010 08:00:00 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 195.34.134.211 (the DHCP server
sent a DHCPNACK message).

Error - 26.04.2010 11:29:43 | Computer Name = Stefan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 80.109.219.153 for the network card with network address
002185F9F848 has been denied by the DHCP server 195.34.134.211 (the DHCP server
sent a DHCPNACK message).


< End of report >

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:56, on 09.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Stefan\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

End of file - 3805 bytes

---

Thank you in advance for your efforts!

Last edited by 58Divad91 (09.05.2010 at 22:29)
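As an added triage example (my own script, not part of the original post and not a feature of OTL or of the board's tools): a small Python helper that parses an OTL excerpt like the one above and flags the three things a helper would look at first in this log: inbound firewall exceptions granted to executables under a user's temp directory (here nrktcvy.exe and khvcol.exe in C:\users\stefan\appdata\local\temp), shell-spawning handlers for executable file types that differ from the stock Vista values (none in this log; a hijacked exefile handler would run a dropped binary on every .exe launch), and Application Error events whose faulting image is a .tmp file (BNEF5D.tmp, BN6A17.tmp). The sample text embedded in the script is a subset of the log above with the event text in its English wording; the regular expressions assume OTL's line layout as shown, and the default-handler table is an assumption that only stock Windows handlers are registered for those types.

```python
"""Triage helper for OTL log excerpts. Added example, not an OTL feature.
Checks: temp-directory firewall exceptions, non-default shell handlers for
executable types, and .tmp images appearing as faulting applications."""
import re
from typing import Dict, List, Tuple

# Subset of the OTL log posted in the thread (event text in English wording).
# Constructed sample for the demo; paths, GUIDs and values are unchanged.
SAMPLE_LOG = r'''
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
regfile [merge] -- Reg Error: Key error.
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C82792-DF89-4EBB-A63D-49ACCE97EFE0}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"TCP Query User{0657988D-55B1-4CD1-B587-94C762F5A862}C:\users\stefan\appdata\local\temp\nrktcvy.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\nrktcvy.exe |
"UDP Query User{90E29CFE-24DA-47D7-BC4C-6B11B359E2F5}C:\users\stefan\appdata\local\temp\khvcol.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\khvcol.exe |
"TCP Query User{BFAF8612-2B1E-4C3D-899E-A24660FFD209}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== Last 10 Event Log Errors ==========
Error - 08.05.2010 10:48:32 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Faulting application BNEF5D.tmp, version 0.0.0.0, time stamp 0x4bd73d0e,
faulting module BNEF5D.tmp, version 0.0.0.0, time stamp 0x4bd73d0e, exception code 0xc0000005
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
SPAWN_RE = re.compile(r'^(?P<key>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$')
TEMP_DIR_RE = re.compile(r'\\(appdata\\local\\temp|windows\\temp|temp)\\', re.I)
# Accepts the German and the English wording of the event 1000 text.
FAULTING_APP_RE = re.compile(r'(?:Faulting application|Fehlerhafte Anwendung) (\S+?),')

# Stock Vista shell\open\command values for executable file types
# (assumption: no third-party handler is registered for these ProgIDs).
EXPECTED_HANDLERS = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

def _section(text: str, title: str) -> List[str]:
    """Lines of the '========== <title> ==========' section of an OTL log."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("=========="):
            inside = title in line
            continue
        if inside:
            out.append(line.rstrip())
    return out

def parse_firewall_rules(text: str) -> List[Dict[str, str]]:
    """Parse '"name" = k=v | k=v |' lines of the application exception list."""
    rules = []
    for line in _section(text, "Application Exception List"):
        m = RULE_RE.match(line)
        if not m:
            continue
        fields = {"name": m.group("name")}
        for part in m.group("body").split("|"):
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip().lower()] = v.strip()
        rules.append(fields)
    return rules

def suspicious_firewall_apps(text: str) -> List[str]:
    """Inbound exceptions granted to executables under a temp directory."""
    hits = []
    for rule in parse_firewall_rules(text):
        app = rule.get("app", "")
        if rule.get("dir") == "in" and TEMP_DIR_RE.search(app) and app not in hits:
            hits.append(app)
    return hits

def parse_shell_spawning(text: str) -> Dict[Tuple[str, str], str]:
    """Map (ProgID, verb) -> command for the Shell Spawning section."""
    handlers = {}
    for line in _section(text, "Shell Spawning"):
        m = SPAWN_RE.match(line)
        if m:
            handlers[(m.group("key"), m.group("verb"))] = m.group("cmd").strip()
    return handlers

def shell_handler_deviations(text: str) -> List[Tuple[str, str, str]]:
    """Handlers from EXPECTED_HANDLERS whose command is not the stock value."""
    found = parse_shell_spawning(text)
    return [(k, v, cmd) for (k, v), cmd in found.items()
            if (k, v) in EXPECTED_HANDLERS and cmd != EXPECTED_HANDLERS[(k, v)]]

def faulting_tmp_applications(text: str) -> List[str]:
    """Crashing processes whose image is a .tmp file (dropper/payload pattern)."""
    return sorted({a for a in FAULTING_APP_RE.findall(text) if a.lower().endswith(".tmp")})

if __name__ == "__main__":
    print("temp-dir firewall exceptions:", suspicious_firewall_apps(SAMPLE_LOG) or "none")
    print("shell handler deviations:", shell_handler_deviations(SAMPLE_LOG) or "none")
    print("faulting .tmp applications:", faulting_tmp_applications(SAMPLE_LOG) or "none")
```

Run it as-is for the embedded sample, or pass the contents of a saved OTL.txt to the three check functions. Note that the flagged rules are "TCP Query User"/"UDP Query User" entries: the Vista firewall creates rules with that naming when its security prompt for a program is answered with Unblock, so their presence is also a timeline clue that the two temp executables were running and listening while the user was at the keyboard.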

10.05.2010, 14:51   #2
cosinus



Hello and

Quote:
Scan type: Quick-Scan
Please run a full scan.
