HTTP blocked - Ping OK - SSL OK, but no normal web pages
Topic is closed!

#0
02.12.2007, 13:40
...new here
Posts: 4

02.12.2007, 14:43
Honorary member
Posts: 6028
#2
Do you know the company "Quadrus Financial Technologies Inc." in Calgary, Canada?
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = QFTI.COM
__________
Regards, Argus

02.12.2007, 17:53
Honorary member
Posts: 6028
#3
There was a bug in Firefox 2.0.0.10:
https://bugzilla.mozilla.org/show_bug.cgi?id=405584
New update 2.0.0.11:
http://en-us.www.mozilla.com/en-US/firefox/all.html
__________
Regards, Argus

02.12.2007, 18:49
...new here
Thread starter
Posts: 4
#4
The problem seems to be solved.
QFTI is my own company domain. I had an aborted installation of Kaspersky. After I deleted it completely, everything works again. K may have blocked port 80 during the installation. Thanks for your help anyway. The problem does seem to occur fairly often, but nowhere is a clean solution described.

Ping works, SSL over HTTPS is also OK, but normal web pages (HTTP) give no response. At first, after a reboot, I was able to establish an HTTP connection ONCE, but on the second request everything was already blocked. But now everything is 'gone'. This is the same with all browsers (Firefox, Opera, IE).
A similar problem, without a solution, is also posted under 'Http geht nicht - https geht ..'.
No scanner has found anything. Does anyone here have an idea? I have been tinkering with this for 2 nights already.
Here is the ComboFix log:
ComboFix 07-12-02.5 - WolfgangP 2007-12-02 12:13:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1315 [GMT 1:00]
Running from: C:\Documents and Settings\wolfgangp\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-12-02 10:45 . 2007-11-01 14:54 212 -rahs---- C:\BOOT.BAK
2007-12-01 22:46 . 2007-12-01 22:52 <DIR> d-------- C:\ProgramFiles
2007-12-01 17:35 . 2007-12-01 17:35 <DIR> d-------- C:\kav
2007-12-01 17:34 . 2007-12-01 17:34 <DIR> d-------- C:\Program Files\ThreatFire
2007-12-01 17:34 . 2007-12-01 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-12-01 17:34 . 2007-11-12 17:24 52,032 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2007-12-01 17:34 . 2007-11-12 17:24 39,232 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2007-12-01 17:34 . 2007-11-12 17:24 34,624 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2007-12-01 17:34 . 2007-11-12 17:03 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2007-12-01 15:31 . 2007-12-01 15:31 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-01 15:31 . 2007-12-02 08:32 <DIR> d-------- C:\Program Files\McAfee
2007-12-01 15:31 . 2007-12-01 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-01 15:31 . 2005-08-23 23:16 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
2007-12-01 15:31 . 2005-05-25 00:23 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2007-12-01 15:23 . 2007-12-01 23:18 <DIR> d-------- C:\Program Files\Xpage Internet Studio 6 Special Edition
2007-12-01 11:04 . 2007-12-01 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-30 22:28 . 2007-11-30 22:28 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-30 22:28 . 2007-11-30 22:28 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-30 21:15 . 2007-11-30 21:15 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-30 20:53 . 2007-11-30 20:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-30 01:50 . 2007-11-30 01:58 0 --------- C:\WINDOWS\_INS33IS._MP
2007-11-29 23:09 . 2007-11-30 17:04 <DIR> d-------- C:\Program Files\Hacker Eliminator
2007-11-29 13:41 . 2007-11-29 13:41 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-11-28 18:19 . 2007-11-28 19:41 <DIR> d-------- C:\Documents and Settings\wolfgangp\Tracing
2007-11-28 18:18 . 2007-09-28 23:08 84,992 --------- C:\WINDOWS\system32\lmdimon8.dll
2007-11-28 18:17 . 2007-11-28 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Applications
2007-11-28 11:03 . 2007-11-28 11:03 <DIR> d-------- C:\Documents and Settings\wolfgangp\Application Data\AVS4YOU
2007-11-28 10:54 . 2007-11-30 10:13 54,156 ---h----- C:\WINDOWS\QTFont.qfn
2007-11-28 10:54 . 2007-11-28 10:54 1,409 --------- C:\WINDOWS\QTFont.for
2007-11-27 23:32 . 2007-11-27 23:32 23,392 --------- C:\WINDOWS\system32\nscompat.tlb
2007-11-27 23:32 . 2007-11-27 23:32 16,832 --------- C:\WINDOWS\system32\amcompat.tlb
2007-11-27 14:20 . 2007-11-27 14:20 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
2007-11-27 14:20 . 2007-11-27 14:20 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-11-19 17:58 . 2007-11-19 17:58 <DIR> d-------- C:\Program Files\thg
2007-11-19 17:57 . 2007-11-19 17:57 <DIR> d--h----- C:\Documents and Settings\wolfgangp\InstallAnywhere
2007-11-19 17:43 . 2007-11-19 17:43 <DIR> d-------- C:\Program Files\NCSA
2007-11-18 15:29 . 2007-11-18 15:30 736 --------- C:\WINDOWS\hpntwksetup.ini
2007-11-18 15:25 . 2007-11-18 15:53 117,087 --------- C:\WINDOWS\hpoins11.dat
2007-11-18 15:18 . 2006-05-05 22:20 11,634 --------- C:\WINDOWS\hpomdl11.dat
2007-11-18 15:01 . 2007-11-18 15:01 <DIR> d-------- C:\Program Files\NetSetMan
2007-11-18 11:17 . 2007-11-18 11:17 <DIR> d-------- C:\Documents and Settings\wolfgangp\Application Data\Leadertech
2007-11-17 11:50 . 2004-03-04 23:46 83,168 --------- C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-17 11:50 . 2004-03-04 23:46 82,832 --------- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-17 01:56 . 2006-11-08 09:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys
2007-11-17 01:56 . 2006-11-08 09:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe
2007-11-14 15:58 . 2007-11-14 15:58 <DIR> d-------- C:\code
2007-11-13 15:44 . 2007-11-13 15:44 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-09 14:24 . 2007-11-09 14:24 <DIR> d-------- C:\Program Files\stickies
2007-11-09 14:24 . 2007-11-09 15:24 <DIR> d-------- C:\Documents and Settings\wolfgangp\Application Data\stickies
2007-11-09 14:11 . 2007-11-09 14:11 4,728 --------- C:\WINDOWS\system32\PerfStringBackup.TMP
2007-11-09 12:51 . 2007-11-09 12:55 69 --------- C:\WINDOWS\NeroDigital.ini
2007-11-09 00:16 . 2004-08-04 00:56 116,224 -----c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-11-09 00:16 . 2001-08-17 22:37 27,648 -----c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-11-09 00:16 . 2001-08-17 22:36 23,040 -----c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-11-09 00:16 . 2001-08-17 22:36 17,408 -----c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-11-09 00:16 . 2001-08-17 22:37 4,608 -----c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-11-09 00:14 . 2001-08-17 13:28 794,654 -----c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-11-09 00:13 . 2001-08-17 22:36 525,568 -----c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-11-09 00:12 . 2001-08-17 22:36 114,688 -----c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2007-11-09 00:12 . 2001-08-17 22:36 106,584 -----c--- C:\WINDOWS\system32\dllcache\spdports.dll
2007-11-09 00:12 . 2001-08-17 13:51 61,824 -----c--- C:\WINDOWS\system32\dllcache\speed.sys
2007-11-09 00:12 . 2001-08-17 12:51 37,040 -----c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2007-11-09 00:12 . 2001-08-17 12:51 20,752 -----c--- C:\WINDOWS\system32\dllcache\sonync.sys
2007-11-09 00:12 . 2001-08-17 14:07 19,072 -----c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2007-11-09 00:12 . 2001-08-17 13:53 9,600 -----c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2007-11-09 00:12 . 2001-08-17 13:56 7,552 -----c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-11-09 00:12 . 2004-08-03 23:00 7,552 -----c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2007-11-09 00:12 . 2001-08-17 13:53 7,040 -----c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2007-11-09 00:10 . 2001-08-17 22:36 495,616 -----c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2007-11-09 00:08 . 2001-08-17 13:28 899,146 -----c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-11-09 00:07 . 2001-08-17 14:05 351,616 -----c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2007-11-09 00:06 . 2004-08-04 00:56 1,737,856 -----c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-11-09 00:05 . 2001-08-18 13:00 1,875,968 -----c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2007-11-09 00:04 . 2001-08-18 13:00 1,158,818 -----c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2007-11-09 00:03 . 2004-08-04 00:56 702,845 -----c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2007-11-09 00:02 . 2001-08-17 14:56 1,733,120 -----c--- C:\WINDOWS\system32\dllcache\g400d.dll
2007-11-09 00:01 . 2001-08-17 13:28 634,134 -----c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2007-11-09 00:00 . 2001-08-17 12:14 952,007 -----c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-11-08 23:59 . 2001-08-17 12:13 980,034 -----c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-11-08 23:58 . 2001-08-17 13:28 871,388 -----c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-11-08 23:57 . 2004-08-04 00:56 1,888,992 -----c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-11-08 23:56 . 2001-08-17 13:28 762,780 -----c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-11-08 23:54 . 2001-08-17 14:56 66,048 -----c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-11-08 17:46 . 2007-11-08 17:46 664 --------- C:\WINDOWS\system32\d3d9caps.dat
2007-11-08 14:46 . 2007-11-08 14:46 <DIR> d-------- C:\Program Files\efs
2007-11-08 14:28 . 2007-11-08 14:28 15,544 --------- C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-08 11:23 . 2007-11-08 11:23 <DIR> d-------- C:\Program Files\NeuroPower
2007-11-08 11:23 . 2007-11-08 11:23 <DIR> d-------- C:\Program Files\Common Files\NeuroPower
2007-11-07 23:14 . 2007-11-07 23:14 <DIR> d-------- C:\WINDOWS\system32\Markzware
2007-11-07 12:11 . 2007-11-07 12:11 <DIR> d-------- C:\Program Files\NASA
2007-11-04 12:41 . 2007-11-04 12:41 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-03 22:36 . 2007-11-30 15:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-03 22:36 . 2007-11-03 22:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-03 22:36 . 2007-11-03 22:36 <DIR> d-------- C:\Documents and Settings\wolfgangp\Application Data\SUPERAntiSpyware.com
2007-11-03 22:36 . 2007-11-03 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-03 22:04 . 2007-11-03 22:04 <DIR> d-------- C:\Documents and Settings\wolfgangp\Application Data\Sunbelt Software
2007-11-03 22:03 . 2007-11-03 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-03 21:30 . 2007-11-04 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-03 21:30 . 2007-06-21 21:55 54,672 --------- C:\WINDOWS\system32\vsutil_loc0407.dll
2007-11-03 21:30 . 2007-06-21 21:55 42,384 --------- C:\WINDOWS\zllsputility_loc0407.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 11:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-02 11:01 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
2007-12-02 11:01 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
2007-12-02 00:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-01 21:56 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
2007-12-01 11:53 1,082,594 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-30 23:48 --------- d-----w C:\Program Files\Google
2007-11-30 23:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-30 16:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-29 12:46 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-11-28 17:18 --------- d-----w C:\Program Files\DIFX
2007-11-28 12:42 --------- d-----w C:\Program Files\quic
2007-11-28 09:54 --------- d-----w C:\Documents and Settings\wolfgangp\Application Data\Nokia
2007-11-19 16:43 --------- d--h--w C:\Program Files\Zero G Registry
2007-11-19 10:22 --------- d-----w C:\Program Files\Opera
2007-11-18 14:32 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-17 10:50 --------- d-----w C:\Program Files\Symantec
2007-11-17 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-13 14:44 --------- d-----w C:\Documents and Settings\wolfgangp\Application Data\Lavasoft
2007-11-11 08:55 --------- d-----w C:\Program Files\DivX
2007-11-09 08:18 --------- d-----w C:\Program Files\Java
2007-11-08 10:45 22,618,579 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_08_11_14_40_full.dmp.zip
2007-11-08 10:04 --------- d-----w C:\Program Files\JAP
2007-11-07 23:18 22,303,922 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_08_00_02_26_full.dmp.zip
2007-11-07 11:41 --------- d-----w C:\Program Files\Quark
2007-11-06 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-04 20:31 --------- d-----w C:\Program Files\Startup-Spy XP 2006
2007-11-04 18:26 47,104 ----a-w C:\WINDOWS\system32\rpcnet.exe
2007-11-04 14:14 --------- d-----w C:\Documents and Settings\wolfgangp\Application Data\MailFrontier
2007-11-03 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 14:14 --------- d-----w C:\Program Files\nLite
2007-10-29 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\eXPert PDF 4
2007-10-28 23:39 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-10-28 14:28 --------- d-----w C:\Documents and Settings\wolfgangp\Application Data\AllDup
2007-10-28 13:21 --------- d-----w C:\Program Files\Visagesoft
2007-10-28 13:09 --------- d-----w C:\Program Files\Paragon Software
2007-10-28 12:52 --------- d-----w C:\Program Files\AllDup
2007-10-28 12:46 --------- d-----w C:\Program Files\Raw Therapee
2007-10-28 12:40 --------- d-----w C:\Program Files\PC Inspector File Recovery
2007-10-27 10:57 --------- d-----w C:\Documents and Settings\wolfgangp\Application Data\CDZilla
2007-10-27 00:43 --------- d-----w C:\Program Files\PSCS2
2007-10-25 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-20 00:56 524,288 ------w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 3,596,288 ------w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ------w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ------w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ------w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ------w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ------w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ------w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ------w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ------w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ------w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ------w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ------w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ------w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ------w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ------w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ------w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ------w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-15 19:15 --------- d-----w C:\Documents and Settings\wolfgangp\Application Data\Skype
2007-10-10 17:31 --------- d-----w C:\Program Files\Canon
2007-10-10 11:40 --------- d-----w C:\Documents and Settings\wolfgangp\Application Data\PC Suite
2007-10-10 11:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-09 01:13 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-10-09 01:10 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-10-09 00:54 --------- d-----w C:\Program Files\Nokia
2007-10-08 22:32 --------- d-----w C:\Program Files\MSECACHE
2007-10-07 16:50 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-10-07 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-10-07 16:49 --------- d-----w C:\Program Files\AVS4YOU
2007-10-07 16:26 --------- d-----w C:\Documents and Settings\wolfgangp\Application Data\DivX
2007-10-04 14:09 --------- d-----w C:\Program Files\Altova
2007-10-04 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Altova
2007-10-04 10:55 --------- d-----w C:\Program Files\Common Files\Nokia
2007-10-04 10:54 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-10-04 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-10-04 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-03 23:05 --------- d-----w C:\Program Files\NSS
2007-09-24 08:08 17,408 ------w C:\WINDOWS\system32\rpcnetp2409.dll
2007-09-24 08:07 17,408 ------w C:\WINDOWS\system32\rpcnetp2409.exe
2007-09-22 21:07 31,232 ------w C:\WINDOWS\system32\rpcnet2209.dll
2006-02-19 01:28 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-02_12.04.43.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-02 11:03:07 1,296,416 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2007-12-02 11:17:49 1,308,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Timezone"="C:\Program Files\Microsoft Time Zone\TimeZone.exe" [2004-10-19 19:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:05 C:\WINDOWS\system32\bthprops.cpl]
"NVHotkey"="nvHotkey.dll" [2006-05-01 23:46 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 C:\WINDOWS\stsystra.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 16:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 16:28]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 21:58]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 21:13]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 18:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 14:19]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2007-06-18 14:10]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2006-05-01 23:46 C:\WINDOWS\system32\nwiz.exe]
"YeppStudioAgent"="E:\samsung\SamsungMediaStudioAgent.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-26 02:58]
"RegistryMechanic"="" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"SpyHunter"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 17:16]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:56]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 19:40]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 20:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\GPO-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1340\Scripts\Logon\0\0]
"Script"=LondonPrinters2.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPLink-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\GPO-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1374\Scripts\Logon\0\0]
"Script"=LondonPrinters2.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPLink-List\a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\3]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\4]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\5]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\6]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\7]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\8]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\GPO-List\9]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Scripts\Logon\0\0]
"Script"=CalgaryPrinters.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Scripts\Logon\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2879384005-3663798624-3017348443-1810\Scripts\Logon\1\0]
"Script"=ANAUDIT.BAT
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys
R2 OracleOraHome92Agent;OracleOraHome92Agent;C:\oracle\ora92\bin\agntsrvc.exe
R2 OracleServiceALMONDE;OracleServiceALMONDE;c:\oracle\ora92\bin\ORACLE.EXE ALMONDE
R2 OracleServiceORA92;OracleServiceORA92;c:\oracle\ora92\bin\ORACLE.EXE ORA92
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service
R3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
S2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;"C:\oracle\ora92\Apache\Apache\apache.exe" --ntservice
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;C:\oracle\ora92\BIN\ENCSVC.EXE
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;C:\oracle\ora92\BIN\AGNTSVC.EXE
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS
S3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autostart.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 21:56:49 C:\WINDOWS\Tasks\McAfee AntiSpyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
"2007-06-14 12:37:40 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 12:18:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\autochk(3).exe:BAK 22528 bytes executable
IPC error: 2 The system cannot find the file specified.
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2007-12-02 12:19:34
C:\ComboFix2.txt ... 2007-12-02 12:05
.
--- E O F ---
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AND NOW the Hijack log as well:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03, on 2007-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\oracle\ora92\bin\agntsrvc.exe
C:\oracle\ora92\BIN\TNSLSNR.exe
C:\WINDOWS\system32\cmd.exe
c:\oracle\ora92\bin\ORACLE.EXE
c:\oracle\ora92\bin\ORACLE.EXE
C:\oracle\ora92\bin\dbsnmp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\HidFind.exe
E:\logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Time Zone\TimeZone.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://new.aol.com/sscweb/subflows/login/createScreenName
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [YeppStudioAgent] E:\samsung\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.expedia.de
O15 - Trusted Zone: www.lufthansa.com
O15 - Trusted Zone: *.quic.com
O15 - Trusted Zone: *.quic.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152300761015
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = QFTI.COM
O17 - HKLM\Software\..\Telephony: DomainName = QFTI.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{6277F659-580D-4177-8981-F379C299A3DC}: NameServer = 145.253.2.11,132.230.200.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{E834058F-D41E-4334-B870-132CD5AE3801}: NameServer = 145.253.2.11,132.230.200.201
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = QFTI.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = QFTI.COM
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceALMONDE - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceORA92 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12679 bytes
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
And this is what datfind says:
.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in drive C has no label.
Volume Serial Number is 807C-AEFE
Directory of C:\WINDOWS\system32
2007-12-02 12:03 0 NvwsApps.xml
2007-12-02 12:03 68,877 nvModes.001
2007-12-02 12:02 2,206 wpa.dbl
2007-12-02 12:01 17,408 rpcnetp.exe
2007-12-02 12:01 47,104 rpcnet.dll
2007-12-02 01:09 68,877 nvModes.dat
2007-12-01 22:56 17,408 rpcnetp.dll
2007-12-01 00:49 259,048 FNTCACHE.DAT
2007-11-30 22:28 0 SBFC.dat
2007-11-30 22:28 0 SBRC.dat
2007-11-30 21:15 4,212 zllictbl.dat
2007-11-27 23:32 16,832 amcompat.tlb
2007-11-27 23:32 23,392 nscompat.tlb
2007-11-18 15:30 165 AddPort.ini
2007-11-09 14:11 4,728 PerfStringBackup.TMP
2007-11-09 09:18 5,238 jupdate-1.6.0_03-b05.log
2007-11-08 17:46 664 d3d9caps.dat
2007-11-04 19:26 47,104 rpcnet.exe
2007-11-02 22:20 5,612 lghhavmr.dll
2007-11-02 00:21 133,120 zip32.dll
2007-10-29 11:04 350,720 xpsp3res.dll
2007-10-29 00:17 6,602 jupdate-1.5.0_07-b03.log
2007-10-27 01:12 10,752 BASSMOD.dll
2007-10-27 00:14 143 mcrh.tmp
2007-10-26 04:34 8,460,288 shell32.dll
2007-10-20 14:55 63,488 shdocvw.oca
2007-10-20 14:55 35,840 COMDLG32.oca
2007-10-20 01:56 524,288 DivXsm.exe
2007-10-20 01:56 4,816 divxsm.tlb
2007-10-20 01:56 3,596,288 qt-dx331.dll
2007-10-20 01:56 187,128 pxmas.dll
2007-10-20 01:56 72,440 pxhpinst.exe
2007-10-20 01:56 379,640 pxwave.dll
2007-10-20 01:56 64,760 pxinsa64.exe
2007-10-20 01:56 118,520 pxinsi64.exe
2007-10-20 01:56 551,672 px.dll
2007-10-20 01:56 1,628,920 pxsfs.dll
2007-10-20 01:56 129,784 pxafs.dll
2007-10-20 01:56 66,296 pxcpya64.exe
2007-10-20 01:56 120,056 pxcpyi64.exe
2007-10-20 01:56 88,824 vxblock.dll
2007-10-20 01:56 518,904 pxdrv.dll
2007-10-20 01:56 200,704 ssldivx.dll
2007-10-20 01:56 1,044,480 libdivx.dll
2007-10-20 01:54 416 dpl100.dll.manifest
2007-10-20 01:54 196,608 dtu100.dll
2007-10-20 01:54 416 dtu100.dll.manifest
2007-10-20 01:54 81,920 dpl100.dll
2007-10-20 01:54 802,816 divx_xx11.dll
2007-10-20 01:54 823,296 divx_xx0c.dll
2007-10-20 01:54 823,296 divx_xx07.dll
2007-10-20 01:54 739,840 DivX.dll
2007-10-20 01:54 729,088 divxdec.ax
2007-10-18 10:06 156,992 DivXCodecVersionChecker.exe
2007-10-18 10:03 294,912 dpu11.dll
2007-10-18 10:03 53,248 dpuGUI10.dll
2007-10-18 10:03 344,064 dpus11.dll
2007-10-18 10:03 294,912 dpu10.dll
2007-10-18 10:03 57,344 dpv11.dll
2007-10-18 10:03 593,920 dpuGUI11.dll
2007-10-18 10:03 352,401 DivXMedia.ax
2007-10-18 10:02 12,288 DivXWMPExtType.dll
2007-09-28 23:08 84,992 lmdimon8.dll
2007-09-24 23:31 139,264 javaws.exe
2007-09-24 23:31 69,632 javacpl.cpl
2007-09-24 22:30 135,168 javaw.exe
2007-09-24 22:30 135,168 java.exe
2007-09-24 09:09 2,206 wpa2409.dbl
2007-09-24 09:08 17,408 rpcnetp2409.dll
2007-09-24 09:07 17,408 rpcnetp2409.exe
2007-09-24 08:17 389 ijjl