Log Analysis and Evaluation: White screen (SUISA) - Please wait, connection is being established (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.04.2012, 23:22 | #1
White screen (SUISA) - Please wait, connection is being established

Hello everyone! Since yesterday I have had the same problem as several people here. When I try to boot my computer, a white screen appears: "Please wait while the connection is being established". Then the logo and name of SUISA are used to lock access to my computer and demand payment of a reminder fee of 75 francs via paysafecard. I also tried starting the computer in Safe Mode, but got the same effect --> white screen. I then read up here and booted from the CD (REATOGO-X-PE). After that I created the LOG file with OTLPE. I hope that was the right way so far! I am looking for further help from you. Since I come from China, there are some words that the software may not be able to identify. I don't know whether it still works this way. And the OTL file is too big; I'm not allowed to attach it. So I'm pasting it here. Please forgive any mistakes I may have made; unfortunately I know very little about computers. Many thanks from Switzerland.

Code:
OTL logfile created on: 4/12/2012 2:09:33 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.37 Mb Free Space | 74.37% Space Free | Partition Type: NTFS
Drive D: | 283.27 Gb Total Space | 157.57 Gb Free Space | 55.62% Space Free | Partition Type: NTFS
Drive E: | 238.63 Mb Total Space | 238.60 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/14 03:01:51 | 000,203,776 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/09 19:26:26 | 000,923,024 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/12/06 12:14:50 | 000,584,080 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/11/18 12:23:44 | 001,310,096 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2010/11/02 16:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/11/02 16:39:08 | 000,340,240 | ---- | M] () [On_Demand] -- D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 16:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/10/25 20:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/10/25 20:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/10/25 20:12:24 | 000,549,168 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010/09/27 18:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand] -- D:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/12 18:15:34 | 000,257,936 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/07/29 22:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto] -- D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/02 10:16:04 | 000,273,240 | ---- | M] (360.cn) [Auto] -- D:\Program Files (x86)\360\360Safe\deepscan\zhudongfangyu.exe -- (ZhuDongFangYu)
SRV - [2011/11/21 04:35:12 | 000,189,784 | ---- | M] () [Auto] -- D:\Program Files (x86)\360\360jishi\360js.exe -- (360js)
SRV - [2011/09/30 20:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/09/30 20:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/18 03:34:14 | 000,008,192 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/06/10 06:39:36 | 000,078,512 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [On_Demand] -- D:\Program Files (x86)\Thunder Network\Thunder\Program\DctSer.dll -- (XLDoctor Service)
SRV - [2011/05/20 08:28:56 | 000,182,128 | R--- | M] (Swisscom) [Auto] -- D:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe -- (UDM Service)
SRV - [2011/05/16 09:14:02 | 001,482,240 | ---- | M] (Swisscom) [Auto] -- D:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe -- (SesamService)
SRV - [2011/05/13 03:07:46 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/23 00:38:56 | 000,077,824 | ---- | M] () [Auto] -- D:\Windows\System_ejectcd.exe -- (UI_)
SRV - [2011/02/16 03:31:22 | 000,210,248 | ---- | M] (新浪网技术(中国)有限公司) [Auto] -- D:\Program Files (x86)\sina\Sina_live\2010\live_deamon.dll -- (sina_live_deamon)
SRV - [2011/01/05 02:11:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/01/05 02:10:33 | 000,325,656 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/12/23 19:24:52 | 000,095,632 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/12/10 09:50:28 | 000,939,352 | ---- | M] (360.cn) [Auto] -- D:\Program Files (x86)\360\360sd\360rp.exe -- (360rp)
SRV - [2010/11/27 03:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/12 18:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 18:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/22 09:54:22 | 000,307,568 | ---- | M] (Sierra Wireless, Inc.) [Auto] -- D:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/09/10 11:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 11:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [Auto] -- D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/18 01:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/06 09:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/22 23:19:10 | 000,200,704 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand] -- D:\Program Files (x86)\360\360sd\scan.dll -- (scan)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- D:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 10:01:32 | 000,355,928 | ---- | M] (360.cn) [File_System | System] -- D:\Windows\System32\drivers\360fsflt.sys -- (360FsFlt)
DRV:64bit: - [2011/12/23 04:35:28 | 000,274,008 | ---- | M] (360安全中心) [File_System | System] -- D:\Windows\System32\drivers\360Box64.sys -- (360Box64)
DRV:64bit: - [2011/12/05 11:07:08 | 000,171,360 | ---- | M] (360.cn) [Kernel | System] -- D:\Windows\System32\Drivers\BAPIDRV64.SYS -- (BAPIDRV)
DRV:64bit: - [2011/09/30 20:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/09/30 20:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/09/30 20:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/09/30 20:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/09 20:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/11 09:53:24 | 000,409,456 | ---- | M] (Swisscom) [Kernel | System] -- D:\Windows\System32\drivers\wtsmpflt.sys -- (WtSmpFlt)
DRV:64bit: - [2011/04/11 09:53:22 | 000,056,688 | ---- | M] (Swisscom) [Kernel | On_Demand] -- D:\Windows\System32\drivers\wtsmpadap.sys -- (WtSmpAdap)
DRV:64bit: - [2011/04/02 01:48:14 | 000,056,920 | ---- | M] (360.cn) [Kernel | System] -- D:\Windows\System32\drivers\360netmon.sys -- (360netmon)
DRV:64bit: - [2011/02/17 21:00:44 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/02/17 21:00:42 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011/01/29 21:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/14 03:04:13 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/01/14 03:04:13 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/14 03:02:02 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/14 03:02:02 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/14 02:59:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011/01/05 02:10:11 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/12/21 16:09:15 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/06 16:38:55 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/12/01 08:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/09 06:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/11/01 16:09:19 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/01 16:09:19 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/21 09:01:12 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/09/21 09:01:10 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/04/16 03:40:00 | 000,091,184 | ---- | M] (360安全中心) [Kernel | System] -- D:\Windows\System32\drivers\qutmdrv.sys -- (qutmdserv)
DRV:64bit: - [2009/07/28 03:59:54 | 000,120,832 | ---- | M] (Tlay Incorporated) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tlusbat.sys -- (TLAYusbnmea)
DRV:64bit: - [2009/07/28 03:59:54 | 000,120,832 | ---- | M] (Tlay Incorporated) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tlusbmdm.sys -- (TLAYusbmdm)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/06/16 06:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/14 11:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Xu_Huang_ON_D\Software\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Xu Huang\Downloads
IE - HKU\Xu_Huang_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
IE - HKU\Xu_Huang_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Xu_Huang_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Xu_Huang_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/npxbdyy: D:\Program Files (x86)\Baidu\BaiduPlayer\1.0.23.108\npxbdyy.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pptv.com/plugin: D:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall,version=1.0.0: D:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@qvod.com/QvodInsert: D:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/05/13 04:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/13 04:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/13 04:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2012/03/30 03:17:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/01 10:42:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/01 10:41:26 | 000,000,000 | ---D | M]

[2012/03/01 10:42:34 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/01 10:41:37 | 000,000,000 | ---D | M] (Talkback) -- D:\Program Files (x86)\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/17 18:34:33 | 000,067,688 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\jar50.dll
[2008/12/17 18:34:33 | 000,054,368 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\jsd3250.dll
[2008/12/17 18:34:33 | 000,034,944 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\myspell.dll
[2008/12/17 18:34:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\spellchk.dll
[2008/12/17 18:34:33 | 000,172,136 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\xpinstal.dll
[2006/08/24 17:07:50 | 000,001,525 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2006/08/24 17:07:50 | 000,001,063 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2006/11/10 07:42:00 | 000,000,998 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2006/11/10 18:32:03 | 000,000,815 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ѸÀ×FLVÊÓƵÐá̽¼°ÏÂÔØÖ§³Ö) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.2.48.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.0.3076.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - D:\Program Files (x86)\QvodPlayer\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - File not found
O2 - BHO: (ѸÀ×ÏÂÔØÖúÊÖ) - {B0E2F470-0B07-48f0-B3B1-5749505FAE9B} - D:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.2.48.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files (x86)\360\360Safe\safemon\safemon.dll (360.cn)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Xu_Huang_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] D:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [360Safetray] D:\Program Files (x86)\360\360Safe\safemon\360Tray.exe (360.cn)
O4 - HKLM..\Run: [ISBMgr.exe] D:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] D:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Boot Manager] D:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)
O4 - HKU\boinc_master_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Xu_Huang_ON_D..\Run: [360sd] D:\Program Files (x86)\360\360sd\360sd.exe (360.cn)
O4 - HKU\Xu_Huang_ON_D..\Run: [CardejectRun.exe] D:\Windows\CardejectRun.exe ()
O4 - HKU\Xu_Huang_ON_D..\Run: [lmfvMDBr3jNvGGM] D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)
O4 - HKU\boinc_master_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: 浩方电竞平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files (x86)\Holdfast\platform 5.0\GameClient.exe (上海浩方在线信息技术有限公司)
O9 - Extra Button: 启动飞信 - {814953B0-3DE7-4171-A0DD-A7A38322B6C7} - D:\Program Files (x86)\China Mobile\Fetion\\Fetion.exe ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: 255.148 ([202.96] http in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: online.unionpay.com ([]https in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: unionpay.com ([online] https in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: unionpaysecure.com ([]https in Trusted sites)
O15:64bit: - Xu_Huang_ON_D\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://studmailak.unisg.ch/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {152FC577-6940-4B1E-99BB-D4D5B8BF182E} hxxp://hr.chalco.com.cn/cs_deploy/FileViewerX.cab (FileViewer Control)
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} hxxp://dl_dir.qq.com/qqtv/MMInstaller.cab (InstallHelper Class)
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} https://download.alipay.com/ukey/cert/1007/ie/PTA.cab (iTrusPTA Class)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab (EditCtrl Class)
O16 - DPF: {75533D3B-C507-4337-BD9A-FC7212DF7927} hxxp://hr.chalco.com.cn/cs_deploy/hrpsetiesecurity.cab (HrpSetIESecurityX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {AE460AD7-D678-43BB-B4DF-394B2D0C4E52} https://unionpaysecure.com/upe/UPEditor.cab (UpSecEditor Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E758BC30-C8C3-4379-B27B-B50E146460A9} hxxp://update.tv.sina.com.cn/live/p2p/install_service_v4.cab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Xu_Huang_ON_D Winlogon: Shell - (C:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe) - D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)
O20 - HKU\Xu_Huang_ON_D Winlogon: UserInit - (C:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe) - D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 00:27:10 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012/04/10 10:09:55 | 000,306,688 | ---- | C] (cambi taceva) -- D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe
[2012/04/10 07:53:17 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{725E0F02-36AA-400C-8535-DA5BBBABAAF5}
[2012/04/10 04:02:51 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\Desktop\Jop Application
[2012/04/10 03:34:27 | 000,000,000 | RHSD | C] -- D:\360SANDBOX
[2012/04/09 09:07:15 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{E39DB016-7C16-4E45-9215-C03B97AEA725}
[2012/04/08 06:30:19 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{FE4978BC-825A-4AE7-AEEA-D9544117F057}
[2012/04/07 09:04:36 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{E1EBAEB8-41FA-41A8-9719-48BDD1B934EF}
[2012/04/06 08:41:52 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{76AC334D-F7BB-4716-BF13-0CBB4708FEFB}
[2012/04/05 06:16:59 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{B550CD61-ABE8-49A0-B380-462FC96759AA}
[2012/04/04 06:57:08 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{DFDE4588-2F68-4281-BE38-418C9B51A263}
[2012/04/03 06:57:50 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{B4941A33-CF8A-4E68-BB1B-2A91C0CB3032}
[2012/04/02 04:45:20 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{19551250-5481-4FE4-ABB6-538925B5750D}
[2012/04/01
13:52:01 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{DA3C5E36-F9A5-4399-B3DF-F0F961132FB0} [2012/03/31 15:13:55 | 000,000,000 | R--D | C] -- D:\huangxu graduation [2012/03/31 05:14:08 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{15E7DF21-C395-4E6C-B279-6A26420A50A2} [2012/03/30 03:18:41 | 000,000,000 | ---D | C] -- D:\ProgramData\Local [2012/03/30 03:17:54 | 001,490,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WdfCoInstaller01007.dll [2012/03/30 03:17:54 | 001,490,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\WdfCoInstaller01007.dll [2012/03/30 03:17:54 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ew_juwwanecm.sys [2012/03/30 03:17:54 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ew_jucdcacm.sys [2012/03/30 03:17:54 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ew_jubusenum.sys [2012/03/30 03:17:54 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ew_jucdcecm.sys [2012/03/30 03:17:54 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ew_juextctrl.sys [2012/03/30 03:17:42 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ewusbnet.sys [2012/03/30 03:17:42 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ewusbmdm.sys [2012/03/30 03:17:42 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- D:\Windows\System32\drivers\ewdcsc.sys [2012/03/30 03:17:42 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ew_usbenumfilter.sys [2012/03/30 03:17:28 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- D:\Windows\System32\drivers\ew_hwusbdev.sys [2012/03/30 03:17:16 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlimited Data Manager [2012/03/30 03:17:06 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Swisscom [2012/03/30 03:17:05 | 000,000,000 | ---D | C] -- D:\ProgramData\WtDashboard [2012/03/30 03:17:05 | 000,000,000 | ---D | C] -- D:\ProgramData\UDM [2012/03/30 03:17:05 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Sierra Wireless Inc [2012/03/30 03:14:52 | 000,000,000 | ---D | C] -- D:\ProgramData\UDM_21168 [2012/03/29 05:09:46 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{4CE6C859-8ACE-4A9A-9152-18A27B3A8031} [2012/03/26 02:17:14 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{170FA8C4-7E29-44E6-9AD0-EC2E8A1C85F3} [2012/03/26 02:16:58 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{59EDE93D-55BC-4F0C-B05A-B8567EFBFF14} [2012/03/25 05:56:06 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{8A992498-B122-418B-82C6-FF93AA1FD82D} [2012/03/25 05:55:55 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{53E285B5-E697-4663-9699-DE94B697CB07} [2012/03/24 06:31:39 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{BF4825E5-E761-412D-8B51-A4F778A628A2} [2012/03/24 06:31:28 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{FCFB172C-D6C4-44BE-A643-C980FDB9B577} [2012/03/23 07:30:41 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{1A2415EF-23EB-4439-9BBC-32548AB09DA1} [2012/03/23 07:30:30 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{5EB392B3-0A8A-4392-A057-276B0B9FF705} [2012/03/22 07:20:00 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{BD850B9F-81F3-48CD-8243-789F7DFB9C60} [2012/03/22 07:19:49 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{2755C2F4-A35D-4470-A36B-9C3F20D9906A} [2012/03/21 06:41:26 | 000,000,000 | ---D | C] -- D:\Users\Xu 
Huang\AppData\Local\{5D1CF059-B8A9-4711-8EDE-91E71C2B782A} [2012/03/21 06:41:15 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{95BD8688-6F99-4209-A952-42CCA9469BBF} [2012/03/20 16:13:29 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{00766BAF-BBBD-465E-828A-E88A705C2ED9} [2012/03/20 16:13:18 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{03B8F9A6-A3EA-46B6-B980-B24413450C86} [2012/03/19 03:56:45 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{AC95D965-2580-43F7-B297-88AAB8CD2735} [2012/03/19 03:56:35 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{265C671B-6CDD-4E37-A9EF-408758EC1756} [2012/03/16 06:42:48 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{85D4C0A5-5BEA-41C2-A87B-AA8C0A70B28F} [2012/03/16 06:42:38 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{4AD1BA4C-D4D5-4CC6-9CBF-4B151CE11C07} [2012/03/15 17:09:01 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{A1143957-DD85-4276-9605-3D8032AC29E5} [2012/03/15 17:08:51 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{A9A98BD2-7DF4-4007-9EAE-4F41CD1D7E09} [2012/03/14 12:10:49 | 005,559,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe [2012/03/14 12:10:48 | 003,968,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe [2012/03/14 12:10:48 | 003,913,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe [2012/03/14 07:18:50 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll [2012/03/14 07:18:50 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll [2012/03/14 07:15:48 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll [2012/03/14 07:15:48 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll [2012/03/14 07:15:48 | 000,009,216 | ---- | C] (Microsoft Corporation) -- 
D:\Windows\System32\rdrmemptylst.exe [2012/03/14 07:15:47 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll [2012/03/14 07:15:47 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll [2012/03/14 03:37:02 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{7594831A-D6D2-4B7F-AB3C-5B1343C8B4A8} [2012/03/14 03:36:52 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{03248852-3D13-4EEF-9EA5-EAD688C4A0B6} [2012/03/13 06:15:27 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{24BEC7F7-355E-49E1-BABE-AD33EBBB972A} [2012/03/13 06:15:17 | 000,000,000 | ---D | C] -- D:\Users\Xu Huang\AppData\Local\{6482F7E1-539D-4AC3-91A6-4FBCC33F7C85} [1 D:\Users\Xu Huang\AppData\Roaming\*.tmp files -> D:\Users\Xu Huang\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/11 18:40:27 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012/04/11 18:40:24 | 3155,025,920 | -HS- | M] () -- D:\hiberfil.sys [2012/04/11 18:35:28 | 000,000,006 | -H-- | M] () -- D:\Windows\tasks\SA.DAT [2012/04/11 08:35:04 | 000,727,334 | ---- | M] () -- D:\Windows\System32\PerfStringBackup.INI [2012/04/11 08:35:04 | 000,616,694 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2012/04/11 08:35:04 | 000,106,816 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2012/04/11 06:45:28 | 000,014,144 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/11 06:45:28 | 000,014,144 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/10 10:09:50 | 000,306,688 | ---- | M] (cambi taceva) -- D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe [2012/04/10 10:04:06 | 000,000,118 | ---- | M] () -- D:\Windows\hexin.INI [2012/04/10 07:53:28 | 000,034,726 | ---- | M] () -- D:\Users\Xu Huang\Documents\keyfile_u [2012/04/10 07:53:26 | 000,000,016 | ---- 
| M] () -- D:\Users\Xu Huang\Documents\keyfile [2012/04/10 03:32:35 | 001,143,170 | -H-- | M] () -- D:\Users\Xu Huang\AppData\Local\IconCache.db [2012/04/04 16:51:27 | 000,051,270 | ---- | M] () -- D:\Users\Xu Huang\AppData\Roaming\room_v3.dat [2012/04/04 04:38:21 | 000,163,733 | ---- | M] () -- D:\Users\Xu Huang\Desktop\602.101_d_ED.pdf [2012/04/04 04:29:15 | 000,028,617 | ---- | M] () -- D:\Users\Xu Huang\Desktop\Airticket_ZRH_PVG.pdf [2012/04/02 08:15:41 | 000,000,917 | ---- | M] () -- D:\Users\Xu Huang\AppData\Roaming\coreavc.ini [2012/03/31 16:51:20 | 000,123,832 | ---- | M] () -- D:\Users\Xu Huang\AppData\Local\GDIPFONTCACHEV1.DAT [2012/03/31 04:56:41 | 000,015,257 | ---- | M] () -- D:\Users\Xu Huang\Desktop\Interrail Tickets Confirmation.pdf [2012/03/31 04:44:00 | 000,068,717 | ---- | M] () -- D:\Users\Xu Huang\Desktop\confirmation_Kreuzfahrt.pdf [2012/03/30 03:17:57 | 000,000,000 | -H-- | M] () -- D:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2012/03/30 03:17:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlimited Data Manager [2012/03/22 07:13:51 | 485,866,299 | ---- | M] () -- D:\Windows\MEMORY.DMP [2012/03/15 12:48:02 | 000,224,823 | ---- | M] () -- D:\test.xml [2012/03/15 02:38:44 | 000,480,224 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT [1 D:\Users\Xu Huang\AppData\Roaming\*.tmp files -> D:\Users\Xu Huang\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/04 04:29:15 | 000,028,617 | ---- | C] () -- D:\Users\Xu Huang\Desktop\Airticket_ZRH_PVG.pdf [2012/04/03 07:37:31 | 000,163,733 | ---- | C] () -- D:\Users\Xu Huang\Desktop\602.101_d_ED.pdf [2012/03/31 04:56:41 | 000,015,257 | ---- | C] () -- D:\Users\Xu Huang\Desktop\Interrail Tickets Confirmation.pdf [2012/03/31 04:44:00 | 000,068,717 | ---- | C] () -- D:\Users\Xu Huang\Desktop\confirmation_Kreuzfahrt.pdf [2012/03/30 03:17:57 | 000,000,000 | -H-- | C] () -- 
D:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2012/03/22 07:13:51 | 485,866,299 | ---- | C] () -- D:\Windows\MEMORY.DMP [2012/03/01 10:42:06 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat [2012/02/14 09:56:22 | 000,000,118 | ---- | C] () -- D:\Windows\hexin.INI [2011/12/22 20:38:18 | 001,143,170 | -H-- | C] () -- D:\Users\Xu Huang\AppData\Local\IconCache.db [2011/11/19 16:07:56 | 000,000,891 | ---- | C] () -- D:\Windows\SysWow64\bdsecushr.dat [2011/11/19 16:01:21 | 000,000,138 | ---- | C] () -- D:\Windows\vsfilter.INI [2011/11/16 08:53:14 | 000,291,176 | ---- | C] () -- D:\Windows\SysWow64\kindling.dll [2011/08/09 08:35:51 | 000,052,550 | ---- | C] () -- D:\Windows\SysWow64\uninst.exe [2011/08/07 10:37:58 | 000,000,051 | ---- | C] () -- D:\Program Files (x86)\10jqkaweb.url [2011/08/05 13:34:23 | 000,018,760 | ---- | C] () -- D:\Windows\SysWow64\QQVistaHelper.dll [2011/08/05 03:13:04 | 000,077,824 | ---- | C] () -- D:\Windows\System_ejectcd.exe [2011/08/05 03:13:04 | 000,036,864 | ---- | C] () -- D:\Windows\CardejectRun.exe [2011/07/18 10:29:32 | 000,000,917 | ---- | C] () -- D:\Users\Xu Huang\AppData\Roaming\coreavc.ini [2011/07/08 09:27:03 | 000,000,733 | ---- | C] () -- D:\Windows\hpntwksetup.ini [2011/06/19 04:57:31 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll [2011/06/18 03:34:47 | 000,077,824 | ---- | C] () -- D:\Windows\KMService.exe [2011/06/18 03:34:47 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe [2011/06/18 02:44:21 | 000,000,020 | ---- | C] () -- D:\Windows\SysWow64\pub_store.dat [2011/06/17 13:11:17 | 000,000,256 | ---- | C] () -- D:\Users\Xu Huang\AppData\Roaming\01F0BF97591793 [2011/06/16 14:36:58 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat [2011/06/14 15:45:18 | 000,735,646 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI [2011/06/14 11:55:07 | 000,123,832 | ---- | C] () -- D:\Users\Xu Huang\AppData\Local\GDIPFONTCACHEV1.DAT [2011/06/13 16:21:09 | 000,051,270 
| ---- | C] () -- D:\Users\Xu Huang\AppData\Roaming\room_v3.dat [2011/05/13 02:56:30 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin [2011/05/13 02:46:50 | 000,002,975 | ---- | C] () -- D:\Windows\SysWow64\atipblup.dat [2011/01/14 04:20:50 | 000,960,940 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin [2011/01/14 04:20:50 | 000,206,952 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin [2011/01/14 04:20:50 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin [2011/01/14 04:20:50 | 000,002,975 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/14 01:32:39 | 000,043,318 | ---- | C] () -- D:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009/07/14 01:32:39 | 000,029,779 | ---- | C] () -- D:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 01:32:39 | 000,026,489 | ---- | C] () -- D:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 01:32:39 | 000,026,040 | ---- | C] () -- D:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- D:\Windows\msdfmap.ini [2009/07/13 22:34:57 | 000,000,478 | ---- | C] () -- D:\Windows\win.ini [2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- D:\Windows\system.ini [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin [2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin [2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin [2009/07/13 17:59:35 | 000,417,344 | ---- | 
C] () -- D:\Windows\SysWow64\igcompkrng500.bin [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat [2009/02/04 05:50:32 | 000,024,576 | ---- | C] () -- D:\Windows\SysWow64\nsis_loader.dll ========== LOP Check ========== [2011/08/08 19:49:56 | 000,000,000 | ---D | M] -- D:\ProgramData\360safe [2012/01/30 15:03:15 | 000,000,000 | ---D | M] -- D:\ProgramData\360SD [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2011/11/19 15:57:39 | 000,000,000 | ---D | M] -- D:\ProgramData\Baidu [2011/06/14 11:54:21 | 000,000,000 | ---D | M] -- D:\ProgramData\BOINC [2011/08/13 10:22:24 | 000,000,000 | ---D | M] -- D:\ProgramData\CCTV [2011/05/13 02:38:22 | 000,000,000 | ---D | M] -- D:\ProgramData\DDNi [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2011/05/13 03:11:50 | 000,000,000 | ---D | M] -- D:\ProgramData\eSellerate [2011/05/13 03:25:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Evernote [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2011/06/22 05:40:07 | 000,000,000 | ---D | M] -- D:\ProgramData\Fetion [2011/10/23 10:10:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Jlcm [2012/03/30 03:18:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Local [2011/09/13 16:14:47 | 000,000,000 | ---D | M] -- D:\ProgramData\mquadr.at [2011/07/17 11:55:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Persist [2011/06/14 15:44:02 | 000,000,000 | ---D | M] -- D:\ProgramData\PPLive [2012/04/10 07:49:32 | 000,000,000 | ---D | M] -- D:\ProgramData\QvodPlayer [2011/05/13 02:52:49 | 000,000,000 | ---D | M] -- D:\ProgramData\Roaming [2011/05/13 03:12:39 | 000,000,000 | ---D | M] -- D:\ProgramData\SmartSound Software Inc [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2012/04/01 10:02:51 | 
000,000,000 | ---D | M] -- D:\ProgramData\Storm [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2011/08/05 13:44:18 | 000,000,000 | ---D | M] -- D:\ProgramData\Tencent [2011/06/18 02:43:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Thunder Network [2012/04/11 09:29:50 | 000,000,000 | ---D | M] -- D:\ProgramData\UDM [2012/03/30 03:14:52 | 000,000,000 | ---D | M] -- D:\ProgramData\UDM_21168 [2011/06/15 15:46:27 | 000,000,000 | ---D | M] -- D:\ProgramData\VirtualizedApplications [2012/04/01 10:07:24 | 000,000,000 | ---D | M] -- D:\ProgramData\WtDashboard [2011/06/18 02:45:05 | 000,000,000 | ---D | M] -- D:\ProgramData\Xunlei [2011/05/13 02:38:23 | 000,000,000 | -H-D | M] -- D:\ProgramData\{2BD4D073-FF7E-46C6-B916-02F1AF376300} [2011/08/28 14:19:21 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/04/11 11:32:42 | 000,032,566 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/04/11 18:35:30 | 000,000,292 | ---- | M] ()(D:\Windows\tasks\360????????????.job) -- D:\Windows\tasks\360开机加速延迟启动任务计划.job [2012/04/10 04:23:32 | 000,000,000 | ---D | M](D:\Users\Xu Huang\Desktop\????????) -- D:\Users\Xu Huang\Desktop\证券从业资格考试 [2012/04/10 04:03:33 | 000,000,000 | ---D | M](D:\????????) -- D:\黄旭证书和成绩单 [2012/03/28 13:20:39 | 000,000,000 | ---D | M](D:\Users\Xu Huang\Documents\Outlook ??) -- D:\Users\Xu Huang\Documents\Outlook 文件 [2012/03/25 06:51:03 | 000,000,000 | ---D | C](D:\Users\Xu Huang\Desktop\????????) 
-- D:\Users\Xu Huang\Desktop\证券从业资格考试 [2012/03/08 03:12:16 | 000,001,907 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\快播.lnk [2012/02/06 05:29:24 | 000,001,122 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??2012.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\飞信2012.lnk [2012/02/06 05:29:24 | 000,001,122 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??2012.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\飞信2012.lnk [2011/12/27 07:15:53 | 000,001,907 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\快播.lnk [2011/12/07 06:27:56 | 000,001,209 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk [2011/12/07 06:27:56 | 000,001,065 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk [2011/09/10 05:30:18 | 000,000,000 | ---D | C](D:\Users\Xu Huang\Documents\Outlook ??) 
-- D:\Users\Xu Huang\Documents\Outlook 文件 [2011/08/25 04:24:55 | 000,001,209 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk [2011/08/25 04:24:55 | 000,001,065 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk [2011/08/08 03:39:28 | 000,000,000 | ---D | M](D:\Program Files (x86)\VS??????) -- D:\Program Files (x86)\VS竞技游戏平台 [2011/08/08 03:39:28 | 000,000,000 | ---D | M](D:\Program Files (x86)\VS??????) -- D:\Program Files (x86)\VS竞技游戏平台 [2011/08/08 03:39:26 | 000,001,001 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VS??????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VS竞技游戏平台.lnk [2011/08/08 03:39:26 | 000,001,001 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VS??????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VS竞技游戏平台.lnk [2011/08/08 03:39:25 | 000,000,977 | ---- | M] ()(D:\Users\boinc_master\Desktop\VS??????.lnk) -- D:\Users\boinc_master\Desktop\VS竞技游戏平台.lnk [2011/08/08 03:39:25 | 000,000,977 | ---- | C] ()(D:\Users\boinc_master\Desktop\VS??????.lnk) -- D:\Users\boinc_master\Desktop\VS竞技游戏平台.lnk [2011/08/07 11:07:32 | 000,001,072 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\浩方电竞平台.lnk [2011/08/07 11:07:32 | 000,001,072 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\浩方电竞平台.lnk [2011/08/07 10:37:58 | 000,001,945 | ---- | M] ()(D:\Users\Xu 
Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\???.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\同花顺.lnk [2011/08/07 10:37:58 | 000,001,945 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\???.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\同花顺.lnk [2011/08/07 10:37:55 | 000,001,921 | ---- | M] ()(D:\Users\Xu Huang\Desktop\???.lnk) -- D:\Users\Xu Huang\Desktop\同花顺.lnk [2011/08/07 10:37:55 | 000,001,921 | ---- | C] ()(D:\Users\Xu Huang\Desktop\???.lnk) -- D:\Users\Xu Huang\Desktop\同花顺.lnk [2011/08/07 10:37:43 | 000,000,000 | ---D | M](D:\Program Files (x86)\?????) -- D:\Program Files (x86)\同花顺软件 [2011/08/07 10:37:43 | 000,000,000 | ---D | M](D:\Program Files (x86)\?????) -- D:\Program Files (x86)\同花顺软件 [2011/08/05 13:34:55 | 000,002,197 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk [2011/08/05 13:34:55 | 000,002,197 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk [2011/07/17 11:54:13 | 000,000,989 | ---- | M] ()(D:\Users\boinc_master\Desktop\????.lnk) -- D:\Users\boinc_master\Desktop\暴风影音.lnk [2011/07/17 11:54:13 | 000,000,989 | ---- | C] ()(D:\Users\boinc_master\Desktop\????.lnk) -- D:\Users\boinc_master\Desktop\暴风影音.lnk [2011/07/17 11:54:13 | 000,000,963 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk [2011/07/17 11:54:13 | 000,000,963 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk 
[2011/06/17 13:09:28 | 000,001,053 | ---- | M] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360??.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360压缩.lnk [2011/06/17 13:09:28 | 000,001,053 | ---- | C] ()(D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360??.lnk) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\360压缩.lnk [2011/06/17 13:09:26 | 000,001,029 | ---- | M] ()(D:\Users\boinc_master\Desktop\360??.lnk) -- D:\Users\boinc_master\Desktop\360压缩.lnk [2011/06/17 13:09:26 | 000,001,029 | ---- | C] ()(D:\Users\boinc_master\Desktop\360??.lnk) -- D:\Users\boinc_master\Desktop\360压缩.lnk [2011/06/15 13:28:03 | 000,000,292 | ---- | C] ()(D:\Windows\tasks\360????????????.job) -- D:\Windows\tasks\360开机加速延迟启动任务计划.job [2011/06/13 15:28:10 | 000,000,000 | -H-D | M](D:\?????) -- D:\萝萝文件夹 [2011/06/13 15:26:00 | 000,000,000 | ---D | M](D:\????) -- D:\照片集合 [2011/06/13 15:08:35 | 000,000,000 | ---D | M](D:\???) -- D:\法国游 [2011/06/13 15:03:23 | 000,000,000 | ---D | M](D:\??) -- D:\学习 [2009/10/25 18:38:11 | 000,000,000 | ---D | C](D:\???) -- D:\法国游 [2009/08/23 00:53:31 | 000,000,000 | ---D | C](D:\????) -- D:\照片集合 [2009/03/31 21:19:21 | 000,000,000 | ---D | C](D:\????????) -- D:\黄旭证书和成绩单 [2009/02/06 08:42:36 | 000,000,000 | -H-D | C](D:\?????) -- D:\萝萝文件夹 [2009/02/06 08:33:55 | 000,000,000 | ---D | C](D:\??) -- D:\学习 (D:\Users\Xu Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VS??????) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VS竞技游戏平台 (D:\Users\Xu Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360????) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心 (D:\Users\Xu Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360??) 
-- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360压缩 (D:\Users\Xu Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- D:\Users\Xu Huang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7???????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7防游戏花屏补丁 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VS??????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VS竞技游戏平台 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\360??) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\360压缩 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\11????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\11对战平台 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\????????????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\中国银河证券股份有限公司 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\中国电信无线客户端 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\????????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\申银万国网上交易 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\同花顺独立委托 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\浩方电竞平台 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\中国移动飞信 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度影音 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) 
-- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\暴风影音 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\德邦证券 (D:\ProgramData\Microsoft\Windows\Start Menu\Programs\???) -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\同花顺 (D:\Program Files (x86)\VS??????) -- D:\Program Files (x86)\VS竞技游戏平台 (D:\Program Files (x86)\?????) -- D:\Program Files (x86)\同花顺软件 < End of report > |
12.04.2012, 11:37 | #2 |
/// Malware-holic | On your second PC go to Start, Programs, Accessories, Notepad, and paste the following in there:
Code:
:OTL
O4 - HKU\Xu_Huang_ON_D..\Run: [lmfvMDBr3jNvGGM] D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)
O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Xu_Huang_ON_D Winlogon: Shell - (C:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe) - D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)
O20 - HKU\Xu_Huang_ON_D Winlogon: UserInit - (C:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe) - D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)
:Files
D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear; load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If so, take the CD out of the drive; Windows should now start normally and open the otl.txt. Please post that log. If you have no desktop icons, right-click, View, Show desktop icons.
Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key. |
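The fix above undoes the three things the lock screen relied on: the Winlogon Shell/UserInit hijack in the user's hive, the Explorer/System lockout policies, and the Run entry plus the dropped binary in AppData\Roaming. As an added example (not part of this thread or of OTL itself), the Python script below triages O4/O7/O20 lines from an OTL log for exactly that pattern and renders a fix in the same :OTL/:Files/:Commands layout; the sample lines are quoted from this thread's log plus one constructed benign O4 entry, and the legitimate Winlogon defaults (explorer.exe, userinit.exe) are assumed Windows 7 values.

```python
"""Triage OTL log entries for the lock-screen persistence pattern seen in this
thread and emit an OTL fix script.  Added example, not part of OTL or the thread."""
import re
from dataclasses import dataclass, field

# Windows 7 defaults for the two Winlogon values the lock screen hijacked (assumed).
LEGIT_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# Policies the sample set to lock the user out (the three in the helper's fix).
LOCKOUT_POLICIES = {"NoDesktop", "DisableTaskMgr", "DisableRegistryTools"}
# Autostart targets under these directories are treated as suspicious;
# Roaming is where this sample lived, Temp is another common drop location.
SUSPICIOUS_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

O20_RE = re.compile(r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: (?P<value>\w+)"
                    r" - \((?P<raw>[^)]*)\) - (?P<rest>.*)$")
O7_RE = re.compile(r"^O7(?::64bit:)? - (?P<key>\S+): (?P<name>\w+) = (?P<data>\S+)$")
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<key>\S+): \[(?P<name>[^\]]*)\] "
                   r"(?P<path>.*?)(?: \([^)]*\))?$")


@dataclass
class Triage:
    findings: list = field(default_factory=list)  # (reason, original OTL line)
    files: set = field(default_factory=set)       # on-disk paths to delete


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(lines):
    """Classify O4/O7/O20 lines; lines that do not match the pattern are ignored."""
    t = Triage()
    for line in (l.strip() for l in lines):
        m = O20_RE.match(line)
        if m:
            value = m["value"].lower()
            if value in LEGIT_WINLOGON and _basename(m["raw"]) != LEGIT_WINLOGON[value]:
                t.findings.append((f"Winlogon {m['value']} hijack in {m['hive']}", line))
                # OTL prints the resolved on-disk path on the right; drop "(company)".
                resolved = re.sub(r" \([^)]*\)$", "", m["rest"])
                if "\\" in resolved:          # skip "File not found" entries
                    t.files.add(resolved)
            continue
        m = O7_RE.match(line)
        if m:
            if m["name"] in LOCKOUT_POLICIES and m["data"] == "1":
                t.findings.append((f"lockout policy {m['name']}", line))
            continue
        m = O4_RE.match(line)
        if m and any(d in m["path"].lower() for d in SUSPICIOUS_DIRS):
            t.findings.append((f"autostart from user-writable dir: {m['name']}", line))
            t.files.add(m["path"])
    return t


def build_fix(t):
    """Render findings in OTL's fix format (:OTL / :Files / :Commands)."""
    out = [":OTL"] + [line for _, line in t.findings]
    if t.files:
        out += [":Files"] + sorted(t.files)
    out += [":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(out)


# Sample input: lines quoted from this thread's OTL log, plus one constructed benign O4 entry.
SAMPLE_LOG = [
    r"O4 - HKU\Xu_Huang_ON_D..\Run: [lmfvMDBr3jNvGGM] D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)",
    r"O4 - HKLM..\Run: [ExampleTray] D:\Program Files\Example\tray.exe (Example Corp)",  # constructed
    r"O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1",
    r"O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r"O7 - HKU\Xu_Huang_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1",
    r"O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)",
    r"O20 - HKU\Xu_Huang_ON_D Winlogon: Shell - (C:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe) - D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)",
    r"O20 - HKU\Xu_Huang_ON_D Winlogon: UserInit - (C:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe) - D:\Users\Xu Huang\AppData\Roaming\bstr55uhjzd.exe (cambi taceva)",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for reason, line in result.findings:
        print(f"[{reason}] {line}")
    print(build_fix(result))
```

The generated fix only lists entries the heuristics flagged; a real log still needs a human to review everything else, which is why the helper in this thread asked for the full OTL output first.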
12.04.2012, 17:02 | #3 |
| Thanks. I tried it, but I have a problem loading this code. I want to click the Fix button, but it does not work. Instead there is a warning: Access violation at address 7CA0C936 in module shell32.dll. Read of address 00000006.
What should I do now? Thanks again. |
12.04.2012, 17:51 | #4 |
/// Malware-holic | It says right there: if it does not work, enter the fix manually, i.e. by hand. |