Pests of all kinds and how to fight them: Avira finds Trojan TR/FakeAV.vxj | Windows 7 |
01.01.2011, 20:12 | #1 |
| Hello dear board, hello dear Cosinus (in case you take my case, you have helped me once before), on 7.12.2010 my Avira found the above-mentioned Trojan in the file D:/Config.Msi/275dcd.rbf and moved it to quarantine after the scan. Unfortunately I can no longer post a log file, as it is no longer available (at least I can't find it - is there still some way to get it?). A Malwarebytes scan immediately afterwards found nothing at all. I know I'm late, but I was travelling a lot for work and couldn't post earlier. All further Avira AND Malwarebytes scans since then have always been without a detection. I'm attaching today's current Avira and MB logs here. I would be very grateful if, despite my "delay", you could help me check whether my system is affected anywhere. I am never logged in as admin, so please let me know if I should carry out a particular step as administrator. Thanks for now and Happy New Year to everyone! |
02.01.2011, 12:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System scan with OTL
Please download OTL by Oldtimer and save it to your desktop. |
02.01.2011, 13:20 | #3 |
| Hi Arne,
here are the log files - as a precaution I scanned as admin and set "60 days", because I didn't know when I had last scanned the system BEFORE 7.12.2010. Thanks for taking my case |
02.01.2011, 13:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks unremarkable. Have there been any further detections in the meantime?
__________________ Please always post log files in CODE tags |
02.01.2011, 19:26 | #5 |
| No, the Trojan is still sitting in Avira quarantine; apart from that I haven't had any further detection since then, neither with Avira nor with MB. However, now and then I get an error message "explorer.exe muss auf Grund eines Fehlers beendet werden" (explorer.exe has to be closed because of an error), which I don't understand and whose origin I don't know either. Last edited by illu2 (02.01.2011 at 19:31) |
02.01.2011, 19:45 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Go ahead and run CF: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run when one of the board's qualified helpers has expressly recommended it! |
03.01.2011, 16:28 | #7 |
| Dear Arne, attached is the CF log. Many thanks in advance for taking a look! |
03.01.2011, 18:48 | #8 |
| Oops, sorry, you wanted the log posted directly here in the post... Et voilà: Combofix Logfile: Code:
|
03.01.2011, 20:44 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online lookup by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop. |
04.01.2011, 00:14 | #10 |
| okay, here we go: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.***.net Rootkit scan 2011-01-03 23:51:11 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC70P Running: gsdbwtuv.exe; Driver: C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\kwrdiaow.sys ---- System - GMER 1.0.15 ---- SSDT F7C0195E ZwCreateKey SSDT F7C01954 ZwCreateThread SSDT F7C01963 ZwDeleteKey SSDT F7C0196D ZwDeleteValueKey SSDT F7C01972 ZwLoadKey SSDT F7C01940 ZwOpenProcess SSDT F7C01945 ZwOpenThread SSDT F7C0197C ZwReplaceKey SSDT F7C01977 ZwRestoreKey SSDT F7C01968 ZwSetValueKey Code \??\C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- ? C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 
Device \FileSystem\Fastfat \Fat B99F6D20
Device \FileSystem\Fastfat \Fat B9A06428
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

---- EOF - GMER 1.0.15 ---- |
04.01.2011, 00:15 | #11 |
| Avira finds Trojan TR/FakeAV.vxj OSAM log file: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.***.ru/en/ Saved at 00:05:12 on 04.01.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl "NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.4.10.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys "ASFWHide" (ASFWHide) - ? 
- C:\WINDOWS\system32\drivers\ASFWHide.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys "Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys "Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys "Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys "Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys "catchme" (catchme) - ? - C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "CO_Mon" (CO_Mon) - ? - C:\WINDOWS\system32\Drivers\CO_Mon.sys (File found, but it contains no detailed information) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "KeyScrambler" (KeyScrambler) - "QFX Software Corporation" - C:\WINDOWS\System32\drivers\keyscrambler.sys "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys (File not found) "Lbd" (Lbd) - ? - C:\WINDOWS\System32\DRIVERS\Lbd.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? 
- C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? 
- deskpan.dll (File not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}" - ? - (File not found | COM-object registry key not found) / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab {644E432F-49D3-41A1-8DD5-E099162EEEC5} "{644E432F-49D3-41A1-8DD5-E099162EEEC5}" - ? - (File not found | COM-object registry key not found) / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab {9F1C11AA-197B-4942-BA54-47A8489BB47F} "{9F1C11AA-197B-4942-BA54-47A8489BB47F}" - ? - (File not found | COM-object registry key not found) / hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39171.5993634259 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? 
- (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {B745F984-EF2E-40D6-A9AC-D8CED7230E61} "ClsidExtension" - "QFX Software Corporation" - C:\Programme\KeyScrambler\KeyScramblerIE.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} "NetXfer" - "Xi" - C:\Programme\Xi\NetXfer\NXToolBar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {2B9F5787-88A5-4945-90E7-C4B18563BC5E} "KeyScramblerBHO Class" - "QFX Software Corporation" - C:\Programme\KeyScrambler\KeyScramblerIE.dll {83B80A9C-D91A-4F22-8DCF-EA7204039F79} "NXIECatcher Class" - "Xi" - C:\Programme\Xi\NetXfer\NXIEHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "phonostarTimer" - ? 
- C:\Programme\phonostar-Player\phonostarTimer.exe (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ABLKSR" - "ASYSTeK Computer INC." - C:\WINDOWS\ABLKSR\ABLKSR.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ATICCC" - ? - "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" (File found, but it contains no detailed information) "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "EEventManager" - "SEIKO EPSON CORPORATION" - "C:\Programme\Epson Software\Event Manager\EEventManager.exe" "EOUApp" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" "FUFAXSTM" - "SEIKO EPSON CORPORATION" - "C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe" "IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "Power_Gear" - "ASUSTeK Computer Inc." - C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1 "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "Wireless Console 2" - ? - C:\Programme\Wireless Console 2\wcourier.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\enppmon.dll "GMX Fax Monitor" - "GMX GmbH" - C:\WINDOWS\system32\UIGMXMON.DLL "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." 
- C:\WINDOWS\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "EpsonBidirectionalService" (EpsonBidirectionalService) - "SEIKO EPSON CORPORATION" - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - ? - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (File not found) [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== |
04.01.2011, 00:16 | #12 |
| Avira findet Trojaner TR/FakeAV.vxj MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000001c Kernel Drivers (total 133): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E5000 \WINDOWS\system32\hal.dll 0xF79DB000 \WINDOWS\system32\KDCOM.DLL 0xF78EB000 \WINDOWS\system32\BOOTVID.dll 0xF73AB000 ACPI.sys 0xF79DD000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF739A000 pci.sys 0xF74DB000 isapnp.sys 0xF74EB000 ohci1394.sys 0xF74FB000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF78EF000 compbatt.sys 0xF78F3000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xF7AA3000 pciide.sys 0xF775B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF737C000 pcmcia.sys 0xF750B000 MountMgr.sys 0xF735D000 ftdisk.sys 0xF78F7000 ACPIEC.sys 0xF7AA4000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xF7763000 PartMgr.sys 0xF751B000 VolSnap.sys 0xF7345000 atapi.sys 0xF752B000 disk.sys 0xF753B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7325000 fltmgr.sys 0xF7313000 sr.sys 0xF754B000 PxHelp20.sys 0xF72FC000 KSecDD.sys 0xF72E9000 WudfPf.sys 0xF725C000 Ntfs.sys 0xF722F000 NDIS.sys 0xF776B000 risdptsk.sys 0xF7215000 Mup.sys 0xF7A09000 \SystemRoot\system32\DRIVERS\ATKACPI.sys 0xF6C76000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF6ABC000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xF6AA8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF6A80000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xF6A6C000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys 0xF690E000 \SystemRoot\system32\DRIVERS\w39n51.sys 0xF785B000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF68EA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7863000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF6C66000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xF757B000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0xF758B000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF68CF000 \SystemRoot\System32\drivers\keyscrambler.sys 0xF786B000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF68A0000 
\SystemRoot\system32\DRIVERS\SynTP.sys 0xF7A0B000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF7873000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF759B000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF6888000 \SystemRoot\System32\Drivers\AnyDVD.sys 0xF75AB000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF75BB000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF6865000 \SystemRoot\system32\DRIVERS\ks.sys 0xF71E5000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xF75CB000 \SystemRoot\System32\Drivers\tosrfcom.sys 0xF7BD1000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF75DB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF71E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF684E000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF75EB000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF75FB000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF787B000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF683D000 \SystemRoot\system32\DRIVERS\psched.sys 0xF760B000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7883000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF788B000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF761B000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7A0D000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF67DF000 \SystemRoot\system32\DRIVERS\update.sys 0xF71D5000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF762B000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xEE326000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xEE302000 \SystemRoot\system32\drivers\portcls.sys 0xF765B000 \SystemRoot\system32\drivers\drmk.sys 0xEE228000 \SystemRoot\system32\DRIVERS\smserial.sys 0xF7893000 \SystemRoot\System32\Drivers\Modem.SYS 0xF6EB8000 \SystemRoot\system32\drivers\MODEMCSA.sys 0xF766B000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7A11000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7AE9000 \SystemRoot\System32\Drivers\Null.SYS 0xF7A13000 \SystemRoot\System32\Drivers\Beep.SYS 0xF78B3000 \SystemRoot\System32\drivers\vga.sys 0xF7A15000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7A17000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF78BB000 
\SystemRoot\System32\Drivers\Msfs.SYS 0xF78C3000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF79AB000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xED50D000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xED4B4000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xED464000 \SystemRoot\system32\DRIVERS\netbt.sys 0xED43E000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF79BF000 \SystemRoot\System32\drivers\ws2ifsl.sys 0xED41C000 \SystemRoot\System32\drivers\afd.sys 0xF767B000 \SystemRoot\system32\DRIVERS\netbios.sys 0xED3F1000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xED381000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF768B000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF769B000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys 0xF76AB000 \SystemRoot\System32\Drivers\Fips.SYS 0xF76BB000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xF79D7000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF76DB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF78CB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF78D3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0xED2BB000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF67DB000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xF7A23000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xF6CE6000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xED210000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7A2D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xED297000 \SystemRoot\System32\drivers\Dxapi.sys 0xF77AB000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7B4B000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF055000 \SystemRoot\System32\ati2cqag.dll 0xBF09B000 \SystemRoot\System32\atikvmag.dll 0xBF0DF000 \SystemRoot\System32\ati3duag.dll 0xBF323000 \SystemRoot\System32\ativvaxx.dll 0xEB0BB000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xF7823000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xEB09F000 \SystemRoot\system32\DRIVERS\s24trans.sys 0xEB07B000 \SystemRoot\system32\DRIVERS\ndisuio.sys 
0xEDECB000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xEDC93000 \SystemRoot\system32\DRIVERS\srv.sys 0xEDA4E000 \SystemRoot\system32\drivers\wdmaud.sys 0xEDAE3000 \SystemRoot\system32\drivers\sysaudio.sys 0xBA064000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 46): 0 System Idle Process 4 System 928 C:\WINDOWS\system32\smss.exe 1092 csrss.exe 1124 C:\WINDOWS\system32\winlogon.exe 1168 C:\WINDOWS\system32\services.exe 1180 C:\WINDOWS\system32\lsass.exe 1356 C:\WINDOWS\system32\ati2evxx.exe 1372 C:\WINDOWS\system32\svchost.exe 1456 svchost.exe 1496 C:\WINDOWS\system32\svchost.exe 1536 C:\WINDOWS\system32\svchost.exe 1572 C:\Programme\Intel\Wireless\Bin\EvtEng.exe 1620 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 1708 svchost.exe 1788 svchost.exe 1864 C:\WINDOWS\system32\ati2evxx.exe 136 C:\WINDOWS\system32\spoolsv.exe 228 C:\Programme\Avira\AntiVir Desktop\sched.exe 320 svchost.exe 464 C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe 616 C:\Programme\Avira\AntiVir Desktop\avguard.exe 656 C:\Programme\Java\jre6\bin\jqs.exe 696 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 1524 C:\Programme\Avira\AntiVir Desktop\avshadow.exe 2296 C:\WINDOWS\explorer.exe 2468 C:\WINDOWS\ATK0100\HControl.exe 2504 C:\WINDOWS\system32\wbem\wmiapsrv.exe 2512 C:\Programme\Synaptics\SynTP\SynTPEnh.exe 2524 C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 2548 C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe 2556 C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe 2564 C:\Programme\Intel\Wireless\Bin\EOUWiz.exe 2576 C:\Programme\Wireless Console 2\wcourier.exe 2744 C:\WINDOWS\RTHDCPL.exe 2816 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 2836 alg.exe 2956 C:\WINDOWS\ATK0100\ATKOSD.exe 3040 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 3112 C:\Programme\DivX\DivX Update\DivXUpdate.exe 3276 C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe 3344 C:\Programme\Epson Software\Event Manager\EEventManager.exe 3376 
C:\Programme\phonostar-Player\phonostarTimer.exe 3812 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe 2084 C:\WINDOWS\system32\svchost.exe 1016 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`77226600 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`60aa6800 (NTFS) PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC70P Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! |
04.01.2011, 11:39 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira finds Trojan TR/FakeAV.vxj Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
05.01.2011, 00:13 | #14 |
| Avira finds Trojan TR/FakeAV.vxj OK, here are the log files: Malwarebytes' Anti-Malware 1.46 www.***.org Datenbank Version: 5460 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05.01.2011 00:08:12 mbam-log-2011-01-05 (00-08-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|) Durchsuchte Objekte: 223624 Laufzeit: 39 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) and SUPERAntiSpyware Scann-Protokoll hxxp://www.***.com Generiert 01/04/2011 bei 11:25 PM Version der Applikation : 4.47.1000 Version der Kern-Datenbank : 6127 Version der Spur-Datenbank : 3939 Scan Art : kompletter Scann Totale Scann-Zeit : 01:27:41 Gescannte Speicherelemente : 550 Erfasste Speicher-Bedrohungen : 0 Gescannte Register-Elemente : 5987 Erfasste Register-Bedrohungen : 0 Gescannte Datei-Elemente : 94292 Erfasste Datei-Elemente : 0 Best regards, Illu |
05.01.2011, 12:50 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira finds Trojan TR/FakeAV.vxj No detections. Is the computer all right again?
__________________ Please always post log files in CODE tags |