Trojaner-Board


Dellius 12.05.2011 21:28

Malware still present?

Hello!
I already posted here earlier and was advised to reinstall my PC, which I then did. Just to be safe and to check that everything really is clean:

Could someone please check this again? Many thanks!

**Since the OTL file is too large, I am uploading it to Uploaded.to**
Please help!
hxxp://ul.to/0qm39i4v

Dellius 13.05.2011 07:41

I have now also created a ComboFix log. It indicated that I have a "rootkit" on the system, please help!

ComboFix log file:
Code:

ComboFix 11-05-12.02 - Pro 13.05.2011  8:28.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.3007.2643 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Pro.PRO-7DA6632B32B\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\WinPCap
c:\programme\WinPCap\install.log
c:\programme\WinPCap\rpcapd.exe
c:\programme\WinPCap\Uninstall.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-13 bis 2011-05-13  ))))))))))))))))))))))))))))))
.
.
2011-05-13 05:46 . 2011-05-13 05:57        --------        d-----w-        c:\windows\system32\CatRoot_bak
2011-05-12 20:01 . 2007-06-15 14:45        1826816        ----a-r-        c:\windows\SkyTel.exe
2011-05-12 19:54 . 2001-08-17 12:59        3072        ----a-w-        c:\windows\system32\drivers\audstub.sys
2011-05-12 19:53 . 2004-08-03 23:57        21504        ----a-w-        c:\windows\system32\hidserv.dll
2011-05-12 19:53 . 2004-08-03 23:40        57600        ----a-w-        c:\windows\system32\drivers\redbook.sys
2011-05-12 19:53 . 2004-08-03 22:08        10624        ----a-w-        c:\windows\system32\drivers\gameenum.sys
2011-05-12 19:52 . 2001-08-17 11:13        27165        ----a-w-        c:\windows\system32\drivers\fetnd5.sys
2011-05-12 19:52 . 2004-08-03 23:57        77312        ----a-w-        c:\windows\system32\usbui.dll
2011-05-12 19:52 . 2004-08-03 22:07        44672        ----a-w-        c:\windows\system32\drivers\UAGP35.SYS
2011-05-12 19:49 . 2011-05-12 19:49        --------        d-----w-        c:\programme\FinalWire
2011-05-12 19:46 . 2006-02-28 12:00        14573        ----a-r-        c:\windows\SET29.tmp
2011-05-12 19:46 . 2006-02-28 12:00        14043        ----a-r-        c:\windows\SET8.tmp
2011-05-12 19:46 . 2006-02-28 12:00        1086058        ----a-r-        c:\windows\SET4.tmp
2011-05-12 19:46 . 2006-02-28 12:00        1014663        ----a-r-        c:\windows\SET3.tmp
2011-05-12 19:45 . 2011-05-12 19:00        --------        d-----w-        c:\dokumente und einstellungen\All Users.WINDOWS
2011-05-12 19:45 . 2011-05-12 19:07        --------        d--h--w-        c:\dokumente und einstellungen\Default User.WINDOWS
2011-05-12 19:40 . 2011-04-01 15:07        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-05-12 19:40 . 2011-04-01 15:07        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-05-12 19:40 . 2010-06-17 13:27        45416        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2011-05-12 19:40 . 2010-06-17 13:27        22360        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2011-05-12 19:39 . 2011-05-12 19:39        --------        d-----w-        c:\dokumente und einstellungen\PRO~1~PRO
2011-05-12 19:31 . 2008-06-14 17:57        273024        -c----w-        c:\windows\system32\dllcache\bthport.sys
2011-05-12 19:31 . 2008-06-14 17:57        273024        ------w-        c:\windows\system32\drivers\bthport.sys
2011-05-12 19:31 . 2010-02-24 12:31        454016        -c----w-        c:\windows\system32\dllcache\mrxsmb.sys
2011-05-12 19:30 . 2010-02-16 19:30        2060672        -c----w-        c:\windows\system32\dllcache\ntkrnlpa.exe
2011-05-12 19:30 . 2010-02-16 19:30        2019328        -c----w-        c:\windows\system32\dllcache\ntkrpamp.exe
2011-05-12 19:30 . 2010-02-16 19:30        2183680        -c----w-        c:\windows\system32\dllcache\ntoskrnl.exe
2011-05-12 19:30 . 2010-02-16 19:30        2139648        -c----w-        c:\windows\system32\dllcache\ntkrnlmp.exe
2011-05-12 19:29 . 2011-04-14 16:40        142296        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll
2011-05-12 19:29 . 2011-04-14 16:40        89048        ----a-w-        c:\programme\Mozilla Firefox\libEGL.dll
2011-05-12 19:29 . 2011-04-14 16:40        781272        ----a-w-        c:\programme\Mozilla Firefox\mozsqlite3.dll
2011-05-12 19:29 . 2011-04-14 16:40        465880        ----a-w-        c:\programme\Mozilla Firefox\libGLESv2.dll
2011-05-12 19:29 . 2011-04-14 16:40        1874904        ----a-w-        c:\programme\Mozilla Firefox\mozjs.dll
2011-05-12 19:29 . 2011-04-14 16:40        15832        ----a-w-        c:\programme\Mozilla Firefox\mozalloc.dll
2011-05-12 19:29 . 2010-01-01 08:00        1974616        ----a-w-        c:\programme\Mozilla Firefox\D3DCompiler_42.dll
2011-05-12 19:29 . 2010-01-01 08:00        1892184        ----a-w-        c:\programme\Mozilla Firefox\d3dx9_42.dll
2011-05-12 19:29 . 2010-02-12 10:03        293376        ------w-        c:\windows\system32\browserchoice.exe
2011-05-12 19:23 . 2008-07-09 07:37        26488        ----a-w-        c:\windows\system32\spupdsvc.exe
2011-05-12 19:19 . 2011-05-12 19:19        --------        d-----w-        c:\dokumente und einstellungen\UpdatusUser
2011-05-12 19:08 . 2011-05-12 19:09        --------        d-----w-        c:\dokumente und einstellungen\Pro.PRO-7DA6632B32B
2011-05-12 19:06 . 2011-05-12 19:06        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService.NT-AUTORITÄT.000
2011-05-12 19:05 . 2011-05-12 19:05        --------        d-sh--w-        c:\dokumente und einstellungen\NetworkService.NT-AUTORITÄT.000
2011-05-12 19:03 . 2006-02-28 12:00        143422        -c--a-w-        c:\windows\system32\dllcache\softkey.dll
2011-05-12 19:02 . 2006-02-28 12:00        39936        -c--a-w-        c:\windows\system32\dllcache\hostmib.dll
2011-05-12 18:58 . 2006-02-28 12:00        45568        -c--a-w-        c:\windows\system32\dllcache\safrslv.dll
2011-05-12 18:57 . 2006-02-28 12:00        28672        ----a-w-        c:\programme\Messenger\custsat.dll
2011-05-12 18:56 . 2006-02-28 12:00        92672        -c--a-w-        c:\windows\system32\dllcache\policman.dll
2011-05-12 13:27 . 2011-05-12 13:34        --------        d-----w-        C:\_OTL
2011-05-12 12:51 . 2011-05-12 12:51        --------        d-----w-        c:\dokumente und einstellungen\Pro\Anwendungsdaten\Wireshark
2011-05-11 09:59 . 2011-05-11 09:59        --------        d-----w-        c:\programme\FLV Player
2011-05-09 06:03 . 2011-05-09 06:04        --------        d-----w-        c:\dokumente und einstellungen\Pro\Anwendungsdaten\Teleca
2011-05-09 06:02 . 2011-05-09 06:02        --------        d-----w-        c:\dokumente und einstellungen\Pro\Lokale Einstellungen\Anwendungsdaten\Sony Ericsson
2011-05-09 06:02 . 2011-05-09 06:02        --------        d-----w-        c:\dokumente und einstellungen\Pro\Anwendungsdaten\Sony Ericsson
2011-05-09 06:02 . 2011-05-09 06:02        --------        d-----w-        c:\programme\Gemeinsame Dateien\Sony Ericsson Shared
2011-05-09 06:02 . 2011-05-09 06:03        --------        d-----w-        c:\programme\Gemeinsame Dateien\Teleca Shared
2011-05-09 06:02 . 2011-05-09 06:02        --------        d-----w-        c:\programme\Sony Ericsson
2011-04-29 23:38 . 2011-04-29 23:38        --------        d-----w-        c:\programme\BB
2011-04-28 20:07 . 2011-05-09 13:42        --------        d-----w-        c:\programme\Metin2
2011-04-25 23:29 . 2011-04-25 23:29        --------        d-----w-        c:\programme\AutoHotkey
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-07 20:16 . 2011-04-07 20:16        81920        ----a-w-        c:\windows\system32\nvwddi.dll
2011-04-07 20:16 . 2011-04-07 20:16        580200        ----a-w-        c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:16 . 2011-04-07 20:16        282624        ----a-w-        c:\windows\system32\nvrsel.dll
2011-04-07 20:16 . 2011-04-07 20:16        253952        ----a-w-        c:\windows\system32\nvrsth.dll
2011-04-07 20:16 . 2011-04-07 20:16        249856        ----a-w-        c:\windows\system32\nvrseng.dll
2011-04-07 20:16 . 2011-04-07 20:16        126976        ----a-w-        c:\windows\system32\nvrszht.dll
2011-04-07 20:16 . 2011-04-07 20:16        331776        ----a-w-        c:\windows\system32\nvrshe.dll
2011-04-07 20:16 . 2011-04-07 20:16        286720        ----a-w-        c:\windows\system32\nvrsfr.dll
2011-04-07 20:16 . 2011-04-07 20:16        274432        ----a-w-        c:\windows\system32\nvrsnl.dll
2011-04-07 20:16 . 2011-04-07 20:16        274432        ----a-w-        c:\windows\system32\nvrsesm.dll
2011-04-07 20:16 . 2011-04-07 20:16        270336        ----a-w-        c:\windows\system32\nvrsru.dll
2011-04-07 20:16 . 2011-04-07 20:16        262144        ----a-w-        c:\windows\system32\nvrshu.dll
2011-04-07 20:16 . 2011-04-07 20:16        258048        ----a-w-        c:\windows\system32\nvrstr.dll
2011-04-07 20:16 . 2011-04-07 20:16        258048        ----a-w-        c:\windows\system32\nvrssl.dll
2011-04-07 20:16 . 2011-04-07 20:16        253952        ----a-w-        c:\windows\system32\nvrsda.dll
2011-04-07 20:16 . 2011-04-07 20:16        249856        ----a-w-        c:\windows\system32\nvrsfi.dll
2011-04-07 20:16 . 2011-04-07 20:16        229376        ----a-w-        c:\windows\system32\nvrszhc.dll
2011-04-07 20:16 . 2011-04-07 20:16        335872        ----a-w-        c:\windows\system32\nvrsar.dll
2011-04-07 20:16 . 2011-04-07 20:16        282624        ----a-w-        c:\windows\system32\nvrsit.dll
2011-04-07 20:16 . 2011-04-07 20:16        282624        ----a-w-        c:\windows\system32\nvrses.dll
2011-04-07 20:16 . 2011-04-07 20:16        278528        ----a-w-        c:\windows\system32\nvrsde.dll
2011-04-07 20:16 . 2011-04-07 20:16        277608        ----a-w-        c:\windows\system32\nvmccs.dll
2011-04-07 20:16 . 2011-04-07 20:16        274432        ----a-w-        c:\windows\system32\nvrspt.dll
2011-04-07 20:16 . 2011-04-07 20:16        270336        ----a-w-        c:\windows\system32\nvrsptb.dll
2011-04-07 20:16 . 2011-04-07 20:16        270336        ----a-w-        c:\windows\system32\nvrsja.dll
2011-04-07 20:16 . 2011-04-07 20:16        266240        ----a-w-        c:\windows\system32\nvrsko.dll
2011-04-07 20:16 . 2011-04-07 20:16        258048        ----a-w-        c:\windows\system32\nvrssk.dll
2011-04-07 20:16 . 2011-04-07 20:16        258048        ----a-w-        c:\windows\system32\nvrspl.dll
2011-04-07 20:16 . 2011-04-07 20:16        253952        ----a-w-        c:\windows\system32\nvrssv.dll
2011-04-07 20:16 . 2011-04-07 20:16        253952        ----a-w-        c:\windows\system32\nvrsno.dll
2011-04-07 20:16 . 2011-04-07 20:16        249856        ----a-w-        c:\windows\system32\nvrscs.dll
2011-04-07 20:16 . 2011-04-07 20:16        13891176        ----a-w-        c:\windows\system32\nvcpl.dll
2011-04-07 20:16 . 2011-04-07 20:16        111208        ----a-w-        c:\windows\system32\nvmctray.dll
2011-04-07 20:16 . 2011-04-07 20:16        155752        ----a-w-        c:\windows\system32\nvsvc32.exe
2011-04-07 20:16 . 2011-04-07 20:16        145000        ----a-w-        c:\windows\system32\nvcolor.exe
2011-03-23 21:07 . 2011-03-23 21:07        388096        ----a-r-        c:\dokumente und einstellungen\Pro\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2007-08-12 01:24 . 2007-08-17 00:04        314983        ----a-w-        c:\programme\xBBrowser.exe
2011-04-14 16:40 . 2011-05-12 19:29        142296        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [10.07.2009 13:30 136360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12.05.2011 21:19 2218600]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\programme\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [12.05.2011 21:49 28824]
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-05-12 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
FF - ProfilePath - c:\dokumente und einstellungen\Pro.PRO-7DA6632B32B\Anwendungsdaten\Mozilla\Firefox\Profiles\zmiy5ugh.default\
FF - prefs.js: browser.startup.homepage - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-13 08:37
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\programme\FinalWire\AIDA64 Extreme Edition\kerneld.x32"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"DontAsk"=dword:00000002
"Version"="9,0,0,3250"
"IsInstalled"=dword:00000000
"Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigIE"
"Version"="2,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Browseranpassungen"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"Version"="6,0,2900,2180"
"Locale"="*"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vektorgrafik-Rendering (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
@=""
"Version"="9,0,0,3250"
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="DE"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player 6.4"
"Version"="9,0,0,3250"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="DE"
"StubPath"=""
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="DE"
"ComponentID"="DirectAnimation"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="DE"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,7"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML-Datenbindung für Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="6,0,2900,2180"
@="Offlinebrowsingpaket"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Erweitertes Authoring"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,2180"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="DE"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="DE"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="9,0,0,3250"
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="DE"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer-Hilfe"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="DE"
"Version"="5,6,0,8838"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
@="Sicherheitsupdate für Windows XP (KB923789)"
"IsInstalled"=dword:00000001
"Version"="6,0,88,0"
"ComponentID"="KB923789"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="c:\\Programme\\Messenger\\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="DE"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,0,0,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="6,0,2900,2180"
@="Browsererweiterungen"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
"Version"="9,0,0,3250"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="DE"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp.inf,PerUserStub"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Zugang zu MSN Site"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2600,0000"
@="Adressbuch 6"
"IsInstalled"=dword:00000001
"Locale"="DE"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,2180"
@="Windows Desktop-Update"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="de"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="6,0,2900,2180"
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="de"
"StubPath"=expand:"%SystemRoot%\\system32\\ie4uinit.exe"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML-Datenbindung"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,5000,3130,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
"Version"="6,0,2800,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer-Hauptschriftarten"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,00,0000,6"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Taskplaner"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Shockwave Flash"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="6,0,88,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML-Hilfe"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,74,9273,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"
.
Zeit der Fertigstellung: 2011-05-13  08:39:07
ComboFix-quarantined-files.txt  2011-05-13 06:39
ComboFix2.txt  2011-05-12 14:04
.
Vor Suchlauf: 40 Verzeichnis(se), 74.068.897.792 Bytes frei
Nach Suchlauf: 41 Verzeichnis(se), 74.275.590.144 Bytes frei
.
- - End Of File - - A8DCACDC6A71E5EE3E49E295E2E871F7

--- --- ---

markusg 13.05.2011 10:11

According to the log, you did not format.
ComboFix2.txt 2011-05-12 14:04
That log is from yesterday afternoon.
Did you really format drive C:?
And next time you can keep posting in the old thread, since it is the same case.

Dellius 13.05.2011 10:13

I couldn't simply format the local disk, so I inserted the Windows XP CD and just reinstalled everything.
OK, next time I'll continue posting there, sorry.

markusg 13.05.2011 10:22

No, you apparently did not reformat; the old log from yesterday is still there.
Please try again: before you reinstall with the Windows CD, format first, and not the quick format please.
And drive C:
must be formatted.

Then the first thing you do is work through the instructions I gave you in your original thread: don't install Skype, nothing else for now except securing the PC and making it fit for the internet.
Then report back with fresh OTL logs.
But please don't upload them to a file hoster; attach them here instead, and zip them if they are too large.
If you have questions, get in touch as well.
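
The check markusg applies by eye (artifacts older than the reinstall are still on the disk, so C: was not formatted) can be run over a ComboFix log mechanically. This is an added example, not part of the original thread or of ComboFix; the reinstall cutoff and all function names are assumptions, and the first timestamp on each listing line is read as the creation time, as the section heading implies.

```python
import re
from datetime import datetime

# Lines excerpted from the ComboFix log in this thread (whitespace normalised).
SAMPLE_LOG = r"""
2011-05-12 19:45 . 2011-05-12 19:00  --------  d-----w-  c:\dokumente und einstellungen\All Users.WINDOWS
2011-05-12 18:56 . 2006-02-28 12:00  92672  -c--a-w-  c:\windows\system32\dllcache\policman.dll
2011-05-12 13:27 . 2011-05-12 13:34  --------  d-----w-  C:\_OTL
2011-05-12 12:51 . 2011-05-12 12:51  --------  d-----w-  c:\dokumente und einstellungen\Pro\Anwendungsdaten\Wireshark
2011-04-28 20:07 . 2011-05-09 13:42  --------  d-----w-  c:\programme\Metin2
ComboFix-quarantined-files.txt  2011-05-13 06:39
ComboFix2.txt  2011-05-12 14:04
"""

# Assumption for illustration: the reinstall began shortly before the first
# Windows setup files appear in the listing (18:56). Adjust to the real time.
ASSUMED_REINSTALL_START = datetime(2011, 5, 12, 18, 0)

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# "<created> . <modified>  <size>  <attributes>  <path>"
LISTING = re.compile(rf"^({TS}) \. ({TS})\s+(\S+)\s+(\S+)\s+(.+)$")
# Trailer lines naming the output of ComboFix runs, e.g. "ComboFix2.txt  <timestamp>"
EARLIER_RUN = re.compile(rf"^(ComboFix\S*\.txt)\s+({TS})$")


def parse_ts(text):
    """Parse a timestamp exactly as ComboFix prints it (no timezone handling)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def pre_reinstall_artifacts(log_text, reinstall_start):
    """Return (timestamp, name) for every entry older than the reinstall.

    On a volume that was really formatted, nothing can carry a creation time
    before the reinstall, so any hit means old data survived on the disk.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LISTING.match(line)
        if match:
            created, path = parse_ts(match.group(1)), match.group(5)
            if created < reinstall_start:
                findings.append((created, path))
            continue
        match = EARLIER_RUN.match(line)
        if match:
            stamp = parse_ts(match.group(2))
            if stamp < reinstall_start:
                findings.append((stamp, match.group(1)))
    return findings


if __name__ == "__main__":
    for stamp, name in pre_reinstall_artifacts(SAMPLE_LOG, ASSUMED_REINSTALL_START):
        print(f"{stamp:%Y-%m-%d %H:%M}  survived reinstall: {name}")
```

Timestamps are compared as printed; the check only makes sense when the cutoff is given in the same time base as the log.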


All times are given in WET +1.
