Oops, sorry, you did want the log posted directly here in the thread...
Et voilà ;):
ComboFix logfile:
ComboFix 11-01-02.04 - *** 03.01.2011 16:06:40.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.579 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
. ADS - WINDOWS: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\***\Anwendungsdaten\inst.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-03 bis 2011-01-03 ))))))))))))))))))))))))))))))
.
2010-12-31 10:53 . 2010-12-31 10:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Textures
2010-12-31 10:53 . 2010-12-31 10:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Patterns
2010-12-31 10:53 . 2010-12-31 10:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Tubes
2010-12-31 10:53 . 2010-12-31 10:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Styled Lines
2010-12-31 10:53 . 2010-12-31 10:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Shapes
2010-12-31 10:53 . 2010-12-31 10:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Frames
2010-12-31 10:53 . 2010-12-31 10:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Brushes
2010-12-27 20:13 . 2010-12-27 20:33 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\vlc
2010-12-27 16:13 . 2010-12-27 17:50 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Epson
2010-12-27 16:06 . 2007-09-07 16:33 135168 ----a-w- c:\windows\system32\EEBAPI.dll
2010-12-27 16:06 . 2007-03-28 17:26 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2010-12-27 16:06 . 2006-12-19 17:31 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2010-12-27 16:06 . 2006-12-19 17:20 77824 ----a-w- c:\windows\system32\EBAPI.dll
2010-12-27 16:06 . 2003-12-17 00:01 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2010-12-27 16:06 . 2007-04-10 01:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-12-27 16:06 . 2009-10-01 03:01 63488 ----a-w- c:\windows\system32\E_FD4BGIE.DLL
2010-12-27 16:06 . 2008-11-12 03:00 93696 ----a-w- c:\windows\system32\E_FLBGIE.DLL
2010-12-27 16:02 . 2008-12-01 12:00 457611 ----a-w- c:\windows\system32\ensppui.dll
2010-12-27 16:02 . 2008-12-01 12:00 457611 ----a-w- c:\windows\system32\enppui.dll
2010-12-27 16:02 . 2008-12-01 11:58 474892 ----a-w- c:\windows\system32\ensppmon.dll
2010-12-27 16:02 . 2008-12-01 11:58 474892 ----a-w- c:\windows\system32\enppmon.dll
2010-12-27 15:04 . 2010-12-27 15:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\EPSON
2010-12-27 15:04 . 2010-12-27 15:09 -------- d-----w- c:\programme\epson
2010-12-23 00:18 . 2010-12-23 00:18 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\vlc
2010-12-19 12:49 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-19 12:48 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 09:32 . 2010-05-16 22:58 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-24 10:25 . 2009-03-20 16:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2006-10-27 05:14 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-05-16 22:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2007-01-25 12:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:21 . 2004-09-07 15:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-09-07 15:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-09-07 15:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 17:44 . 2009-10-28 23:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-03 12:25 . 2004-09-07 15:33 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-09-07 15:33 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:12 . 2004-09-07 15:33 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2004-09-07 15:34 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:57 . 2010-10-13 23:57 371272 ----a-r- c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phonostarTimer"="c:\programme\phonostar-Player\phonostarTimer.exe" [2010-04-01 39936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-07-28 110592]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Power_Gear"="c:\programme\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\programme\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"FUFAXSTM"="c:\programme\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\programme\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\eMule\\emule.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"c:\\Programme\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\Programme\\eBay\\Turbo Lister2\\Tl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Programme\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Dokumente und Einstellungen\\***\\Lokale Einstellungen\\Anwendungsdaten\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13518:TCP"= 13518:TCP:Emule
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.05.2010 23:59 135336]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [25.08.2009 12:34 114952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.***.com
IE: &Block This Image (ABP) - c:\programme\Adblock Pro\blockimg.html
IE: Alles mit NetXfer herunterladen - c:\programme\Xi\NetXfer\NXAddList.html
IE: Herunterladen mit NetXfer - c:\programme\Xi\NetXfer\NXAddLink.html
TCP: {6CD5D6CF-9CD5-425E-B57F-AFCCD3508DC0} = 145.253.2.196,145.253.2.174
TCP: {D079F8F2-7959-4E47-899A-BB87F98500CA} = 145.253.2.196,145.253.2.174
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkda4zx.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick - Deutsch
FF - prefs.js: browser.startup.homepage - hxxp://www.***.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-PhonostarTimer - c:\programme\phonostar\ps_timer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.***.net
Rootkit scan 2011-01-03 16:11
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Ahead\Nero - Burning Rom\Settings\ExpressAudioListCtrl]
@DACL=(02 0000)
"0"="0,45,0,62494,1"
"1"="1,140,0,62495,1"
"2"="2,140,0,62496,1"
"3"="3,115,0,62497,1"
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Ahead\Nero - Burning Rom\Settings\ExpressIsoListCtrl]
@DACL=(02 0000)
"FILENAME"="0,349,0,664,1"
"FILESIZE"="1,90,1,671,1"
"FILETYPE"="2,60,0,62441,1"
"FILEDATE"="3,70,1,675,1"
"FILEATTRIBUTE"="4,60,0,673,0"
"FILEPRIORITY"="5,80,0,676,0"
"FILEORIGIN"="6,150,0,62931,0"
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Ahead\Nero - Burning Rom\Settings\ExpressMP3ListCtrl]
@DACL=(02 0000)
"0"="0,130,0,32975,1"
"1"="1,75,0,32964,1"
"2"="2,110,0,32965,1"
"3"="3,80,0,32966,1"
"4"="4,75,0,32967,1"
"5"="5,75,1,32968,1"
"6"="6,80,1,32969,1"
"7"="7,80,1,32970,1"
"8"="8,170,0,32971,1"
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Ahead\Nero - Burning Rom\Settings\NeroIsoListCtrl]
@DACL=(02 0000)
"FILENAME"="0,120,0,664,1"
"FILESIZE"="1,90,1,671,1"
"FILETYPE"="2,60,0,62441,1"
"FILEDATE"="3,70,1,675,1"
"FILEATTRIBUTE"="4,60,0,673,0"
"FILEPRIORITY"="5,80,0,676,0"
"FILEORIGIN"="6,150,0,62931,0"
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Local AppWizard-Generated Applications\ASUS_MULTIFRAME_CLASS]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Microsoft\MediaPlayer\Preferences\CD-Laufwerk (E:)]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Microsoft\MediaPlayer\Preferences\EqualizerSettings]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Microsoft\MediaPlayer\Preferences\Library]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Microsoft\MediaPlayer\Preferences\ProxySettings]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Microsoft\MediaPlayer\Preferences\VideoSettings]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Microsoft\MediaPlayer\Preferences\{292d7f4a-ac08-11db-8c00-806d6172696f}]
@DACL=(02 0000)
"CDReadRate"=hex:54,1e,71,40
[HKEY_USERS\S-1-5-21-2794885659-4250722375-3095125155-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipp\OpenWithProgIds]
@DACL=(02 0000)
@SACL=
"ASUS Net4Switch configuration file"=hex:
[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\realplay.exe,0"
[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\Applications\RealPlay.exe\SupportedTypes]
@DACL=(02 0000)
@=""
".mp3"=""
".m3u"=""
".cda"=""
".wav"=""
".mpg"=""
".mpeg"=""
".mpv"=""
".mps"=""
".m2v"=""
".m1v"=""
".mpe"=""
".mpa"=""
".avi"=""
".mp4"=""
".m4e"=""
".rt"=""
".rnx"=""
".rmp"=""
".rms"=""
".rjs"=""
".ra"=""
".rax"=""
".rm"=""
".rmvb"=""
".rp"=""
".ram"=""
".rmm"=""
".rsml"=""
".rv"=""
".rvx"=""
".rmj"=""
".rjt"=""
".rmx"=""
".wma"=""
".wmv"=""
".wax"=""
".asx"=""
".asf"=""
".wm"=""
".wmx"=""
".wvx"=""
".mov"=""
".qt"=""
".aac"=""
".m4a"=""
".m4p"=""
".mp2"=""
".mp1"=""
".mpga"=""
".pls"=""
".xpl"=""
".smi"=""
".smil"=""
".ssm"=""
".sdp"=""
".au"=""
".aif"=""
".aiff"=""
".mid"=""
".midi"=""
".rmi"=""
".acp"=""
".lmsff"=""
".lqt"=""
".lavs"=""
".lar"=""
".la1"=""
".3gp"=""
".amr"=""
".awb"=""
".3g2"=""
".divx"=""
".rpm"=""
[HKEY_LOCAL_MACHINE\software\Classes\pnm\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\pnm\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\pnm\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RJS.1\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RJS.1\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RJS.1\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RJT.1\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RJT.1\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RJT.1\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMJ.1\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMJ.1\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMJ.1\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMP.1\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMP.1\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMP.1\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMX.1\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMX.1\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealJukebox.RMX.1\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.3GPP2.10\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.3GPP2.10\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.3GPP2.10\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.3GPP_AMR.10\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.3GPP_AMR.10\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.3GPP_AMR.10\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AMR.10\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AMR.10\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AMR.10\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AMR_WB.10\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AMR_WB.10\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AMR_WB.10\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AutoPlay.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AutoPlay.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.AutoPlay.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.CDBurn.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.CDBurn.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.CDBurn.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.M4A.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.M4A.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.M4A.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.MPGA.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.MPGA.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.MPGA.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.PIX.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.PIX.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.PIX.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.PLSPL.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.PLSPL.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.PLSPL.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RA.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RA.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RA.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RAM.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RAM.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RAM.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RAX.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RAX.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RAX.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RM.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RM.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RM.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RMS.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,2"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RMS.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RMS.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RMVB.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RMVB.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RMVB.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RP.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\rnxproc.exe,0"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RP.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RSML.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RSML.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RSML.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RT.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RT.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RT.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RV.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RV.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RV.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RVX.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RVX.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.RVX.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.SDP.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.SDP.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.SDP.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.SMIL.6\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.SMIL.6\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\RealPlayer.SMIL.6\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\rtsp\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\rtsp\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\rtsp\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\SSM\DefaultIcon]
@DACL=(02 0000)
@="c:\\Programme\\Real\\RealPlayer\\RealPlay.exe,1"
[HKEY_LOCAL_MACHINE\software\Classes\SSM\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\SSM\shellex]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{00CEDBF1-864D-11D3-908D-00C0F03B3EDC}\1.0]
@DACL=(02 0000)
@="ierjplug 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{405DE7B2-E7DD-11D2-92C5-00C0F01F77C1}\1.0]
@DACL=(02 0000)
@="rpautostream 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{47F59201-8783-11D2-8343-00A0C945A819}\1.1]
@DACL=(02 0000)
@="RichFX Installation Manager 1.1 Type Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{A67004E0-8362-42F9-B186-88706C346DD9}\1.0]
@DACL=(02 0000)
@="ierpplug 1.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\FIREFOX.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwDir]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\NeroBurnPlugin]
@DACL=(02 0000)
@SACL=
"ProgID"="MDNeroBurnPlugin.MDNeroBurnPlugin"
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.\SharedDlls]
@DACL=(02 0000)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2011-01-03 16:13:09
ComboFix-quarantined-files.txt 2011-01-03 15:13
Vor Suchlauf: 7.137.729.536 Bytes frei
Nach Suchlauf: 8.611.935.232 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - A79574CE2BE067A0EDD862A406A2D1AB