
Pests of all kinds and how to fight them: Trojan TR/Dropper.Gen and Trojan TR/Dropper.Gen2 removed, but system still overloaded


09.05.2010, 13:39   #1
flamer
 

Trojan TR/Dropper.Gen and Trojan TR/Dropper.Gen2 removed, but system still overloaded



Hi,
my problem is as follows. My father used my PC to go through his USB sticks. When I came back, the PC was still on, but it was at 100% load. The screen is completely black and the mouse shows the busy indicator. The taskbar can still be seen and used, but it is pointless to open anything, since you can't see it anyway. The Task Manager can be seen and used, but open programs are hidden, as mentioned.
After a reboot I saw in the Avira AntiVir Guard report that the virus Trojan TR/Dropper.Gen had been found and moved to quarantine. (It was obviously found on an external storage device. My father's USB sticks -.-")
In addition, the virus Trojan TR/Dropper.Gen2 was found in an exe under C:\Programme. It was also moved to quarantine.
When I then wanted to use the PC normally, I noticed that it was under far too much load. I had nothing running, yet the load was 100%. (I use Vista 32-bit.)
I then followed the instructions in this thread h**p://www.pc-special.net/sicherheit-viren-und-spam-f14/trojaner-tr-dropper-gen2-wie-sicher-entfernen-t29250.html .

I installed CCleaner and updated all the antivirus programs: Avira AntiVir, Spyware Doctor and Norton Security Scan. I rebooted into Safe Mode and let all the programs run through. Nothing was found. I let CCleaner run.
Then I thought everything was solved and booted normally. The PC is still far too easily overloaded, and when I start a virus scan, e.g. with Avira, not even 10 minutes pass before the black-screen situation occurs again.
(I have scanned many times in Safe Mode, but I find nothing.)

I hope you can help me, and thank you in advance.
Regards
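A helper reading the RSIT/HijackThis log posted later in this thread looks for startup entries that do not fit the machine: a BHO whose CLSID is still registered but whose DLL is gone ("(no file)"), or an autorun that executes from a user-writable folder, possibly under a system-binary name. The following Python script is an added example written for this page, not a tool used in the original thread. The log lines it parses are copied from the HijackThis output in the thread, except for the final HKCU entry, which is constructed to show what a suspicious autorun looks like; the "trusted location" prefixes and the list of system binary names are heuristics assumed by this example, not part of HijackThis itself.

```python
"""Triage of HijackThis-style startup entries (O2 BHOs, O3 toolbars, O4 Run keys).

Added example for this thread, not a tool from the original posts: it reads the
log lines a helper would inspect and flags the patterns that warrant a closer
look (an orphaned BHO registration, an autorun executing from a user-writable
location, a system-binary name outside the Windows directory).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# The three HijackThis line shapes this parser understands.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Assumed heuristics: where vendor/OEM autostarts are expected to live
# (compared case-insensitively), and binary names that belong under Windows only.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows", "%programfiles%", "%systemroot%", "%windir%")
WINDOWS_PREFIXES = ("c:\\windows", "%systemroot%", "%windir%")
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe", "services.exe"}

REASON_ORPHAN = "orphaned registration (CLSID present, file missing)"
REASON_LOCATION = "executes from outside Program Files / Windows"
REASON_MASQUERADE = "system binary name outside the Windows directory"


@dataclass
class Finding:
    section: str   # O2 / O3 / O4
    name: str      # BHO/toolbar display name, or hive + Run value name
    path: str
    reason: str


def _first_path(cmd: str) -> str:
    """Return the executable path of an O4 command line, quoted or not.

    Unquoted paths may contain spaces (e.g. under Program Files), so cut at
    the first recognised executable extension rather than at the first space.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.(?:exe|dll|bat|cmd|vbs|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def _trusted(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def _under_windows(path: str) -> bool:
    return path.lower().startswith(WINDOWS_PREFIXES)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Parse HijackThis lines and return the entries that deserve a second look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        for section, rx in (("O2", O2_RE), ("O3", O3_RE)):
            m = rx.match(line)
            if not m:
                continue
            path = m.group("path")
            if path == "(no file)":
                findings.append(Finding(section, m.group("name"), path, REASON_ORPHAN))
            elif not _trusted(path):
                findings.append(Finding(section, m.group("name"), path, REASON_LOCATION))
        m = O4_RE.match(line)
        if m:
            path = _first_path(m.group("cmd"))
            label = f"{m.group('hive')} {m.group('key')} [{m.group('name')}]"
            if not _trusted(path):
                findings.append(Finding("O4", label, path, REASON_LOCATION))
            if path.rsplit("\\", 1)[-1].lower() in SYSTEM_NAMES and not _under_windows(path):
                findings.append(Finding("O4", label, path, REASON_MASQUERADE))
    return findings


# Constructed sample: the first five lines are copied from the HijackThis log in
# this thread; the last one is invented to illustrate a suspicious autorun.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [svchost] "C:\Users\Zhang\AppData\Local\Temp\svchost.exe" /s
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.section} {f.name}: {f.path}\n    -> {f.reason}")
```

Run against the sample, the script reports the orphaned "(no name)" BHO and the constructed HKCU autorun twice (user-writable location, and a system binary name outside Windows), while the vendor entries under Program Files and %ProgramFiles% pass. An orphaned BHO is not proof of infection (it is usually left behind by a sloppy uninstall or an earlier AV quarantine), which is why the script reports reasons rather than verdicts.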

09.05.2010, 20:47   #2
flamer
 

Trojan TR/Dropper.Gen and Trojan TR/Dropper.Gen2 removed, but system still overloaded



Unfortunately I had no more time today. At the moment I can work with the PC, but it gets overloaded very easily, which I can see on my Vista toolbar. Edit: I wanted to add that I am using a Chinese version of Vista. 100% genuine.
Here is the Malwarebytes result:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4083

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904

2010/5/9 21:19:19
mbam-log-2010-05-09 (21-19-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 322211
Time elapsed: 1 hour(s), 0 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Here are the log files:
info:
Code:
info.txt logfile of random's system information tool 1.06 2010-05-09 21:25:30

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ACDSee 10 (Simplified Chinese)-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3 - Chinese Simplified-->MsiExec.exe /I{AC76BA86-7AD7-2052-7B44-A91000000001}
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DigitalPersona Personal 3.0.1-->MsiExec.exe /I{AE72E414-0935-4AC8-B7D6-12E3039BEC13}
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}\setup.exe" -l0x9  -removeonly
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}\setup.exe" -l0x9  -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0804 uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe"  -uninstall
HP QuickTouch 1.00 D2-->MsiExec.exe /I{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0101-->MsiExec.exe /I{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x804 -remove -removeonly
Imagine Fashion Designer-->"C:\Program Files\InstallShield Installation Information\{DAE76241-A047-407E-9237-26120C7BA6CE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe"  -uninstall
LightScribe System Software  1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - chs-->MsiExec.exe /I{54E51672-DC3D-3204-BBF9-3AAF25CFF8AE}
Microsoft .NET Framework 3.5 SP1 Language Pack - Simplified Chinese-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - chs\setup.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia NSeries Application Installer 6.82.17-->msiexec /qn /x {903F2FE9-1751-4894-9D10-702F3AA0D6D5}
Nokia NSeries Application Installer-->MsiExec.exe /I{903F2FE9-1751-4894-9D10-702F3AA0D6D5}
Nokia NSeries Content Copier 6.82.17-->msiexec /qn /x {BBC12E6C-C32F-470A-BF15-5A8C21066D1A}
Nokia NSeries Content Copier-->MsiExec.exe /X{BBC12E6C-C32F-470A-BF15-5A8C21066D1A}
Nokia NSeries Multimedia Player 6.82.17-->msiexec /qn /x {C701040C-9CBD-4321-9CA3-8305E3EA26B6}
Nokia NSeries Multimedia Player-->MsiExec.exe /I{C701040C-9CBD-4321-9CA3-8305E3EA26B6}
Nokia NSeries One Touch Access 6.82.17-->msiexec /qn /x {A817131B-177D-4FB9-8317-C91138013600}
Nokia NSeries One Touch Access-->MsiExec.exe /I{A817131B-177D-4FB9-8317-C91138013600}
Nokia NSeries System Utilities 6.82.17-->msiexec /qn /x {B0CC883F-D14A-4EBA-9355-4D23B223CF05}
Nokia NSeries System Utilities-->MsiExec.exe /X{B0CC883F-D14A-4EBA-9355-4D23B223CF05}
Nokia Software Launcher-->MsiExec.exe /I{41BBDC08-ACFF-48C2-BD81-CA154C841351}
Nokia Software Updater-->MsiExec.exe /X{F1C1272D-FEE6-4B24-862C-01F4959997E2}
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OGA Notifier 1.7.0105.14.0-->MsiExec.exe /I{8B4F2108-7395-4951-A7BE-86DA108A001C}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe"  -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
ProtectSmart Hard Drive Protection-->MsiExec.exe /X{120B6A04-30AD-4F9B-B8C9-258D4285865E}
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0804 -removeonly
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x0407 -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0407 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SiSoftware Sandra Lite 2010.SP1d-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\unins000.exe"
Skype(TM) 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SoftStylus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{879B6710-E456-4993-9925-1A384591E7E1}\setup.exe" -l0x804  -removeonly
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins001.exe /LOG
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb981433)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Validity Sensors software-->MsiExec.exe /X{567E8236-C414-4888-8211-3D61608D57AE}
Windows Live Messenger-->MsiExec.exe /I{D7A2654B-BE52-489F-8FCD-EFCC67FDF007}
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Tencent QQ2009-->MsiExec.exe /X{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}
Xunlei Kankan Player-->C:\Program Files\Thunder Network\Xmp\Uninstall.exe

======System event log======

Computer Name: Zhang-PC
Event Code: 7036
Message: The COM+ Event System service entered the running state.
Record Number: 301743
Source Name: Service Control Manager
Time Written: 20091223140743.000000-000
Event Type: Information
User: 

Computer Name: Zhang-PC
Event Code: 7036
Message: The Themes service entered the running state.
Record Number: 301742
Source Name: Service Control Manager
Time Written: 20091223140743.000000-000
Event Type: Information
User: 

Computer Name: Zhang-PC
Event Code: 7036
Message: The Group Policy Client service entered the running state.
Record Number: 301741
Source Name: Service Control Manager
Time Written: 20091223140743.000000-000
Event Type: Information
User: 

Computer Name: Zhang-PC
Event Code: 7036
Message: The User Profile Service service entered the running state.
Record Number: 301740
Source Name: Service Control Manager
Time Written: 20091223140743.000000-000
Event Type: Information
User: 

Computer Name: Zhang-PC
Event Code: 7036
Message: The Software Licensing service entered the running state.
Record Number: 301739
Source Name: Service Control Manager
Time Written: 20091223140743.000000-000
Event Type: Information
User: 

=====Application event log=====

Computer Name: Zhang-PC
Event Code: 1
Message: 
Record Number: 57657
Source Name: Nokia Lifeblog
Time Written: 20090827071546.000000-000
Event Type: Warning
User: 

Computer Name: Zhang-PC
Event Code: 1
Message: 
Record Number: 57656
Source Name: Nokia Lifeblog
Time Written: 20090827071546.000000-000
Event Type: Warning
User: 

Computer Name: Zhang-PC
Event Code: 1
Message: 
Record Number: 57655
Source Name: Nokia Lifeblog
Time Written: 20090827071545.000000-000
Event Type: Warning
User: 

Computer Name: Zhang-PC
Event Code: 1
Message: 
Record Number: 57654
Source Name: Nokia Lifeblog
Time Written: 20090827071545.000000-000
Event Type: Warning
User: 

Computer Name: Zhang-PC
Event Code: 1
Message: 
Record Number: 57653
Source Name: Nokia Lifeblog
Time Written: 20090827071545.000000-000
Event Type: Warning
User: 

=====Security event log=====

Computer Name: Zhang-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
	Security ID:		S-1-5-18
	Account Name:		ZHANG-PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Object:
	Object Server:	Security
	Object Type:	File
	Object Name:	C:\Windows\System32\nb-NO\msimsg.dll.mui
	Handle ID:	0x18

Process Information:
	Process ID:	0x1124
	Process Name:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
	Original Security Descriptor:	
	New Security Descriptor:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 21728
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090807124021.040000-000
Event Type: Audit Success
User: 

Computer Name: Zhang-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
	Security ID:		S-1-5-18
	Account Name:		ZHANG-PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Object:
	Object Server:	Security
	Object Type:	File
	Object Name:	C:\Windows\System32\nl-NL\msimsg.dll.mui
	Handle ID:	0x18

Process Information:
	Process ID:	0x1124
	Process Name:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
	Original Security Descriptor:	
	New Security Descriptor:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 21727
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090807124020.976000-000
Event Type: Audit Success
User: 

Computer Name: Zhang-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
	Security ID:		S-1-5-18
	Account Name:		ZHANG-PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Object:
	Object Server:	Security
	Object Type:	File
	Object Name:	C:\Windows\System32\lt-LT\msimsg.dll.mui
	Handle ID:	0x18

Process Information:
	Process ID:	0x1124
	Process Name:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
	Original Security Descriptor:	
	New Security Descriptor:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 21726
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090807124020.932000-000
Event Type: Audit Success
User: 

Computer Name: Zhang-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
	Security ID:		S-1-5-18
	Account Name:		ZHANG-PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Object:
	Object Server:	Security
	Object Type:	File
	Object Name:	C:\Windows\System32\MUI\0804\mscorees.dll
	Handle ID:	0x18

Process Information:
	Process ID:	0x1124
	Process Name:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
	Original Security Descriptor:	
	New Security Descriptor:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 21725
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090807124020.870000-000
Event Type: Audit Success
User: 

Computer Name: Zhang-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
	Security ID:		S-1-5-18
	Account Name:		ZHANG-PC$
	Account Domain:		WORKGROUP
	Logon ID:		0x3e7

Object:
	Object Server:	Security
	Object Type:	File
	Object Name:	C:\Windows\System32\ar-SA\msimsg.dll.mui
	Handle ID:	0x18

Process Information:
	Process ID:	0x1124
	Process Name:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
	Original Security Descriptor:	
	New Security Descriptor:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 21724
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090807124020.739000-000
Event Type: Audit Success
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\Common Files\Thunder Network\KanKan\Codecs;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------

log:
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Zhang at 2010-05-09 21:27:18
Microsoft® Windows Vista® Home Basic  Service Pack 2
System drive C: has 166 GB (72%) free of 230 GB
Total RAM: 2044 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:20, on 2010/5/9
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Zhang\Desktop\RSIT.exe
C:\Users\Zhang\Desktop\RSIT.exe
C:\Program Files\trend micro\Zhang.exe

O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL 工具栏搜索 - C:\ProgramData\AOL\ieToolbar\resources\zh-CN\local\search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: 显示或隐藏 HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - ESC Trusted Zone: hxxp://*.update.microsoft.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9960 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForZhang.job
C:\Windows\tasks\Norton Security Scan for Zhang.job
C:\Windows\tasks\User_Feed_Synchronization-{D4196F63-BBB2-4B50-82CB-D3DFE3A6DF6A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-14 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-01-21 217088]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-01 554288]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2008-03-12 699456]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-04-23 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-20 30192]
"Google Updater"=C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2009-03-24 161776]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-10-01 3104768]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-06-03 450652]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-23 13797920]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"NPSStartup"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-20 39408]
"Steam"=c:\program files\steam\steam.exe [2010-05-07 1238352]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-04-07 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acdseemc.exe]
C:\Program Files\Common Files\ACD Systems\ACDSeeMC.exe [2008-01-08 214352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4639369c-5d1b-11de-8d6a-001eecacb23e}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e742e16e-194f-11de-837f-001eecacb23e}]
shell\AutoRun\command - rundll32.exe .dll,XxKOo
shell\open\command - rundll32.exe .\.dll,XxKOo


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-09 21:25:15 ----A---- C:\Windows\ntbtlog.txt
2010-05-09 18:58:18 ----D---- C:\Program Files\trend micro
2010-05-09 18:58:17 ----D---- C:\rsit
2010-05-09 16:56:56 ----D---- C:\Users\Zhang\AppData\Roaming\Malwarebytes
2010-05-09 16:56:40 ----D---- C:\ProgramData\Malwarebytes
2010-05-09 16:56:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-07 14:28:31 ----D---- C:\Program Files\CCleaner
2010-05-05 23:24:06 ----D---- C:\ProgramData\WindowsSearch
2010-05-02 19:59:30 ----A---- C:\Windows\system32\javaws.exe
2010-05-02 19:59:30 ----A---- C:\Windows\system32\javaw.exe
2010-05-02 19:59:30 ----A---- C:\Windows\system32\java.exe
2010-05-02 19:59:30 ----A---- C:\Windows\system32\deployJava1.dll
2010-04-22 16:34:11 ----D---- C:\Users\Zhang\AppData\Roaming\HPAppData
2010-04-14 14:51:57 ----A---- C:\ProgramData\xmlEB0C.tmp
2010-04-14 14:51:57 ----A---- C:\ProgramData\xmlE9D3.tmp
2010-04-14 14:51:56 ----A---- C:\ProgramData\xmlE6B6.tmp
2010-04-14 14:31:39 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-04-14 14:31:39 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-04-14 14:31:38 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-04-14 14:31:38 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-04-14 14:31:38 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-04-14 14:31:37 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-04-14 14:31:37 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-04-14 14:31:37 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-04-14 14:31:36 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-04-14 14:31:36 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-04-14 14:31:36 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-04-14 14:31:35 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-04-14 14:31:35 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-04-14 14:31:35 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-04-14 14:31:34 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-04-14 14:31:34 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-04-14 14:31:33 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-04-14 14:31:32 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-04-14 14:31:32 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-04-14 14:31:32 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-04-14 14:31:31 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-04-14 14:31:31 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-04-14 14:31:31 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-04-14 14:31:31 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-04-14 14:31:30 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-04-14 14:31:30 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-04-14 14:31:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-04-14 14:31:30 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-04-14 14:31:29 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-04-14 14:31:29 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-04-14 14:31:29 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-04-14 14:31:28 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-04-14 14:31:28 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-04-14 14:31:28 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-04-14 14:31:28 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-04-14 14:31:28 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-04-14 14:31:28 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-04-14 14:31:27 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-04-14 14:31:27 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-04-14 14:31:26 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-04-14 14:31:26 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-04-14 14:31:26 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-04-14 14:31:26 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-04-14 14:31:25 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-04-14 14:31:25 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-04-14 14:31:24 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-04-14 14:31:24 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-04-14 14:31:24 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-04-14 14:31:23 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-04-14 14:31:23 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-04-14 14:31:23 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-04-14 14:31:23 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-04-14 14:31:22 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-04-14 14:31:22 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-04-14 14:31:22 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-04-14 14:31:22 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-04-14 14:31:21 ----A---- C:\Windows\system32\xinput1_3.dll
2010-04-14 14:31:21 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-04-14 14:31:21 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-04-14 14:31:20 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-04-14 14:31:20 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-04-14 14:31:20 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-04-14 14:31:19 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-04-14 14:31:19 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-04-14 14:31:16 ----A---- C:\Windows\system32\d3dx10.dll
2010-04-14 14:31:15 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-04-14 14:31:15 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-04-14 14:31:15 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-04-14 14:31:14 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-04-14 14:31:14 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-04-14 14:31:13 ----A---- C:\Windows\system32\xinput1_2.dll
2010-04-14 14:31:13 ----A---- C:\Windows\system32\xinput1_1.dll
2010-04-14 14:31:13 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-04-14 14:31:12 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-04-14 14:31:08 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-04-14 14:31:07 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-04-14 14:31:07 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-04-14 14:31:07 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-04-14 14:22:00 ----HD---- C:\Windows\msdownld.tmp
2010-04-14 14:21:52 ----D---- C:\Windows\system32\directx
2010-04-14 14:21:28 ----D---- C:\Program Files\SiSoftware
2010-04-14 12:59:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 12:59:29 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 12:59:23 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 12:56:55 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 12:51:32 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 12:49:26 ----A---- C:\Windows\system32\cabview.dll

======List of files/folders modified in the last 1 months======

2010-05-09 21:25:15 ----D---- C:\Windows
2010-05-09 20:16:56 ----D---- C:\Windows\Temp
2010-05-09 20:10:19 ----AD---- C:\ProgramData\TEMP
2010-05-09 19:35:18 ----SHD---- C:\System Volume Information
2010-05-09 19:22:56 ----D---- C:\Windows\System32
2010-05-09 19:22:56 ----D---- C:\Windows\inf
2010-05-09 19:22:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-09 18:58:18 ----RD---- C:\Program Files
2010-05-09 18:54:40 ----D---- C:\Program Files\Spyware Doctor
2010-05-09 18:52:15 ----D---- C:\Windows\Tasks
2010-05-09 18:52:15 ----D---- C:\Program Files\Steam
2010-05-09 16:56:44 ----D---- C:\Windows\system32\drivers
2010-05-09 16:56:40 ----HD---- C:\ProgramData
2010-05-09 12:39:12 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-08 23:08:00 ----D---- C:\ProgramData\Google
2010-05-08 23:08:00 ----D---- C:\Program Files\Google
2010-05-08 23:07:58 ----SHD---- C:\Windows\Installer
2010-05-08 23:01:00 ----D---- C:\ProgramData\Google Updater
2010-05-08 21:48:54 ----D---- C:\Program Files\Common Files\Steam
2010-05-08 13:37:33 ----D---- C:\Users\Zhang\AppData\Roaming\ICQ
2010-05-07 14:33:12 ----D---- C:\Windows\Debug
2010-05-06 22:55:12 ----D---- C:\Windows\system32\catroot2
2010-05-06 21:43:20 ----D---- C:\Program Files\SoftStylus
2010-05-06 14:41:57 ----D---- C:\Windows\system32\config
2010-05-06 14:41:46 ----D---- C:\Windows\system32\Tasks
2010-05-06 14:41:46 ----D---- C:\Windows\system32\spool
2010-05-06 14:41:46 ----D---- C:\Windows\system32\Msdtc
2010-05-06 14:41:40 ----D---- C:\Windows\system32\wbem
2010-05-06 14:41:40 ----D---- C:\Windows\registration
2010-05-05 23:24:29 ----SD---- C:\Users\Zhang\AppData\Roaming\Microsoft
2010-05-03 20:28:36 ----D---- C:\Users\Zhang\AppData\Roaming\Skype
2010-05-02 19:59:13 ----D---- C:\Program Files\Java
2010-04-30 10:10:36 ----D---- C:\Windows\Prefetch
2010-04-28 16:56:39 ----RSD---- C:\Windows\Fonts
2010-04-28 15:04:05 ----D---- C:\Windows\winsxs
2010-04-28 14:23:34 ----D---- C:\Windows\system32\catroot
2010-04-14 20:33:38 ----D---- C:\ProgramData\CyberLink
2010-04-14 16:08:20 ----D---- C:\Program Files\Windows Mail
2010-04-14 15:04:30 ----D---- C:\ProgramData\Microsoft Help
2010-04-14 14:31:12 ----RSD---- C:\Windows\assembly
2010-04-14 14:21:52 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2009-03-04 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2009-03-04 81288]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-01 166448]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth 请求阻止驱动程序; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth 设备(个人区域网); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth 端口驱动程序; C:\Windows\System32\Drivers\BTHport.sys [2008-08-25 220160]
S3 BTHUSB;Bluetooth 无线电收发器 USB 驱动程序; C:\Windows\System32\Drivers\BTHUSB.sys [2008-08-25 29184]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
S3 Dot4;MS IEEE-1284.4 驱动程序; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;IEEE-1284.4 的打印类驱动程序; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 Dot4Scan;用于 IEEE-1284.4 的扫描分类驱动程序; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-21 10752]
S3 dot4usb;Dot4USB 筛选器 Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver; C:\Windows\System32\Drivers\dsltestSp5.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 HdAudAddService;用于 High Definition Audio 服务的 Microsoft 1.1 UAA 函数驱动程序; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-07-17 97936]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-24 9791072]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth 设备(RFCOMM 协议 TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys [2009-08-07 23112]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-06-03 407040]
S3 usbscan;USB 扫描仪驱动程序; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB 视频设备(WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-04-27 40752]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe [2008-02-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-03-12 302144]
S2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 gupdate;Google 更新服务 (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
S2 hpqddsvc;HP CUE DeviceDiscovery 服务; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-04-23 292232]
S2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-04-23 112008]
S2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-25 361808]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
S2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe [2009-06-03 217170]
S2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-04-27 599344]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-20 30192]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-01-08 148832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-21 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\RpcAgentSrv.exe [2009-08-10 93336]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-08 390952]
S3 usnjsvc;Messenger 共享文件夹 USN 杂志阅读器服务; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------


Last edited by flamer (09.05.2010 at 21:35)

10.05.2010, 16:57   #3
flamer

Hi, here is an update on my situation:

Strangely, I can use the PC normally again. A permanent load of 100% has not occurred again.

I would still like to know whether my PC is now, with the highest probability, virus-free.
Should I run Malwarebytes again and also post the RSIT logfiles again?

Regards,
Flamer

13.05.2010, 19:47   #4
cosinus

Hello,

We may run Malwarebytes again later. I'm trying to move away from RSIT, so first create logfiles with OTL.exe and post them.

But this problem has nothing to do with your other thread, does it? => http://www.trojaner-board.de/85955-t...o-ordnung.html
Please always post logfiles in CODE tags
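Added example, not part of this thread and not code from OTL or Trojaner-Board: a small Python triage for the O33 (MountPoints2) section of an OTL log. MountPoints2 is where Explorer records the shell verbs it took from autorun.inf on each removable drive that was ever plugged in, so these keys are the trace a USB-stick infection leaves behind even after the stick is gone. The sample lines are the O32/O33 lines copied from the OTL log posted in the next reply; the heuristics (rundll32 with a module named only ".dll", a hijacked "open" verb, a missing target file) and all function and field names are the editor's own assumptions, not something OTL provides.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: the O32/O33 lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4639369c-5d1b-11de-8d6a-001eecacb23e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{e742e16e-194f-11de-837f-001eecacb23e}\Shell\AutoRun\command - "" = rundll32.exe .dll,XxKOo
O33 - MountPoints2\{e742e16e-194f-11de-837f-001eecacb23e}\Shell\open\Command - "" = rundll32.exe .\.dll,XxKOo
"""

# OTL's O33 line shape:
#   O33 - MountPoints2\{volume GUID}\Shell\<verb>\command - "" = <command>[ -- File not found]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>\{[0-9a-fA-F-]+\})\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand'
    r' - "" = (?P<cmd>.*?)(?: -- (?P<note>File not found))?$'
)
# Loaders and interpreters that autorun.inf payloads commonly hide behind (assumed list)
LOLBIN_HOSTS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class AutorunEntry:
    volume: str        # MountPoints2 volume GUID, one per removable drive ever mounted
    verb: str          # Explorer shell verb that the autorun.inf redefined (AutoRun, open, ...)
    command: str       # command Explorer would run for that verb
    file_missing: bool # OTL appended "File not found": the target no longer exists
    reasons: list = field(default_factory=list)


def parse_o33(otl_text: str) -> list[AutorunEntry]:
    """Extract every O33 line from an OTL log into a structured record."""
    entries = []
    for line in otl_text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append(AutorunEntry(m["volume"], m["verb"], m["cmd"], m["note"] is not None))
    return entries


def classify(entry: AutorunEntry) -> AutorunEntry:
    """Attach human-readable reasons why an O33 entry looks like autorun.inf residue."""
    exe, _, args = entry.command.partition(" ")
    exe_name = exe.lower().rsplit("\\", 1)[-1]
    if exe_name in LOLBIN_HOSTS:
        entry.reasons.append(f"payload hosted by {exe_name}")
    if exe_name == "rundll32.exe":
        module = args.split(",", 1)[0]
        # rundll32 wants "<module>,<export>"; a module of just ".dll" or ".\.dll" carries no
        # real file name, which is how the stick's DLL stays out of sight in the registry
        if re.fullmatch(r"(\.\\)?\.dll", module, re.IGNORECASE):
            entry.reasons.append(f"rundll32 module {module!r} has no file name")
    if entry.verb.lower() == "open":
        # overriding 'open' makes a double-click on the drive icon in Explorer run the payload
        entry.reasons.append("shell 'open' verb overridden")
    if entry.file_missing:
        entry.reasons.append("target file absent (stale key from a removed drive)")
    return entry


def triage(otl_text: str) -> dict[str, list[AutorunEntry]]:
    """Group classified O33 entries by volume so one infected stick shows up as one unit."""
    by_volume: dict[str, list[AutorunEntry]] = {}
    for e in parse_o33(otl_text):
        by_volume.setdefault(e.volume, []).append(classify(e))
    return by_volume


def suspicious_volumes(otl_text: str) -> list[str]:
    """Volume GUIDs with at least one finding beyond a merely missing target file."""
    return [vol for vol, entries in triage(otl_text).items()
            if any(not r.startswith("target file absent") for e in entries for r in e.reasons)]


if __name__ == "__main__":
    for vol, entries in triage(SAMPLE_OTL).items():
        print(vol)
        for e in entries:
            print(f"  {e.verb:8} {e.command}")
            for r in e.reasons:
                print(f"           - {r}")
```

On the sample, the first volume only has a stale pointer to F:\setupSNK.exe and is reported as clean but removable, while the second volume is flagged three ways: rundll32 as the host, a module name of nothing but ".dll", and the "open" verb hijacked so that merely opening the drive in Explorer would have launched it. The MountPoints2 keys are a mirror of what autorun.inf said, not the payload itself, so a hit here is a reason to examine the stick and the user profile for the referenced DLL rather than just delete the key.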

13.05.2010, 22:17   #5
flamer

Hi,
no, no
This is a completely different PC. ^.^
I got to know Malwarebytes here and only then used it on the other machine.

Here are the OTL logs:


otl.txt:
Quote:
OTL logfile created on: 2010/5/13 23:00:29 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Zhang\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy/M/d

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.19 Gb Total Space | 153.14 Gb Free Space | 68.31% Space Free | Partition Type: NTFS
Drive D: | 8.69 Gb Total Space | 1.62 Gb Free Space | 18.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZHANG-PC
Current User Name: Zhang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Zhang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\RpcAgentSrv.exe (SiSoftware)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Zhang\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\RpcAgentSrv.exe (SiSoftware)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\sandra.sys (SiSoftware)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (IKSysSec) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=zh_cn&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=zh_cn&c=83&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=zh_cn&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.baidu.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/02 02:02:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 14:03:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 17:53:11 | 000,000,000 | ---D | M]

[2008/11/08 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\Zhang\AppData\Roaming\mozilla\Extensions
[2010/05/13 22:21:10 | 000,000,000 | ---D | M] -- C:\Users\Zhang\AppData\Roaming\mozilla\Firefox\Profiles\uexnv9dm.default\extensions
[2010/04/13 22:24:18 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Zhang\AppData\Roaming\mozilla\Firefox\Profiles\uexnv9dm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/28 18:40:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zhang\AppData\Roaming\mozilla\Firefox\Profiles\uexnv9dm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/08 18:00:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Zhang\AppData\Roaming\mozilla\Firefox\Profiles\uexnv9dm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/28 18:40:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zhang\AppData\Roaming\mozilla\Firefox\Profiles\uexnv9dm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/02 21:56:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Zhang\AppData\Roaming\mozilla\Firefox\Profiles\uexnv9dm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/02 19:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 19:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/04 21:00:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/04/04 21:00:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/04/04 21:00:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/04/04 21:00:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/04/04 21:00:07 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: &AOL 工具栏搜索 - C:\ProgramData\AOL\ieToolbar\resources\zh-CN\local\search.html ()
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: 显示或隐藏 HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/24 18:26:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4639369c-5d1b-11de-8d6a-001eecacb23e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{e742e16e-194f-11de-837f-001eecacb23e}\Shell\AutoRun\command - "" = rundll32.exe .dll,XxKOo
O33 - MountPoints2\{e742e16e-194f-11de-837f-001eecacb23e}\Shell\open\Command - "" = rundll32.exe .\.dll,XxKOo
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/13 22:55:48 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Zhang\Desktop\OTL.exe
[2010/05/13 16:33:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/09 18:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/05/09 18:58:17 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/09 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\Zhang\AppData\Roaming\Malwarebytes
[2010/05/09 16:56:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/09 16:56:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/09 16:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/09 16:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/07 14:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/05 23:28:38 | 000,000,000 | ---D | C] -- C:\Users\Zhang\Documents\2009-4-18车间图片
[2010/05/05 23:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/05/05 23:18:40 | 000,000,000 | ---D | C] -- C:\Users\Zhang\Documents\轨枕
[2010/05/05 23:17:02 | 000,000,000 | ---D | C] -- C:\Users\Zhang\Documents\OneNote-Notizbücher
[2010/05/02 19:59:30 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/02 19:59:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/02 19:59:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/02 19:59:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/22 16:34:11 | 000,000,000 | ---D | C] -- C:\Users\Zhang\AppData\Roaming\HPAppData
[2010/04/16 22:17:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2010/04/14 14:31:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010/04/14 14:31:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010/04/14 14:31:38 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/04/14 14:31:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010/04/14 14:31:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010/04/14 14:31:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/04/14 14:31:37 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/04/14 14:31:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/04/14 14:31:36 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/04/14 14:31:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/04/14 14:31:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/04/14 14:31:35 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/04/14 14:31:35 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/04/14 14:31:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/04/14 14:31:34 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/04/14 14:31:34 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/04/14 14:31:33 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/04/14 14:31:32 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/04/14 14:31:32 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/04/14 14:31:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/04/14 14:31:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/04/14 14:31:31 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/04/14 14:31:31 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/04/14 14:31:31 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/04/14 14:31:30 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/04/14 14:31:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/04/14 14:31:30 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/04/14 14:31:30 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/04/14 14:31:29 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/04/14 14:31:29 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/04/14 14:31:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/04/14 14:31:28 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010/04/14 14:31:28 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010/04/14 14:31:28 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010/04/14 14:31:28 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010/04/14 14:31:28 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010/04/14 14:31:28 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010/04/14 14:31:27 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010/04/14 14:31:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010/04/14 14:31:26 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010/04/14 14:31:26 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010/04/14 14:31:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010/04/14 14:31:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010/04/14 14:31:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/04/14 14:31:25 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010/04/14 14:31:24 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010/04/14 14:31:24 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010/04/14 14:31:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010/04/14 14:31:23 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/04/14 14:31:23 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010/04/14 14:31:23 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010/04/14 14:31:23 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010/04/14 14:31:22 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/04/14 14:31:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/04/14 14:31:22 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010/04/14 14:31:22 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010/04/14 14:31:21 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/04/14 14:31:21 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010/04/14 14:31:21 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010/04/14 14:31:20 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/04/14 14:31:20 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010/04/14 14:31:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010/04/14 14:31:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010/04/14 14:31:19 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010/04/14 14:31:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/04/14 14:31:15 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/04/14 14:31:15 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010/04/14 14:31:15 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010/04/14 14:31:14 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/04/14 14:31:14 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010/04/14 14:31:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010/04/14 14:31:13 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010/04/14 14:31:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010/04/14 14:31:12 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010/04/14 14:31:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/04/14 14:31:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010/04/14 14:31:07 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010/04/14 14:31:07 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010/04/14 14:22:00 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/04/14 14:21:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010/04/14 14:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2010/04/14 12:59:30 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 12:59:29 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 12:56:55 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 12:56:50 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 12:56:50 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/13 23:07:58 | 010,223,616 | -HS- | M] () -- C:\Users\Zhang\ntuser.dat
[2010/05/13 23:04:01 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/13 22:58:18 | 001,107,258 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/13 22:58:18 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/13 22:58:18 | 000,317,520 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/05/13 22:58:18 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/13 22:58:18 | 000,101,082 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/05/13 22:55:59 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Zhang\Desktop\OTL.exe
[2010/05/13 22:55:16 | 000,000,608 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/13 22:53:18 | 000,001,657 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/13 22:51:58 | 000,651,712 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/13 22:51:58 | 000,651,712 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/13 22:51:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 22:51:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 22:51:02 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 22:50:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/13 22:50:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/13 22:50:29 | 2144,301,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/13 22:49:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/13 22:49:13 | 000,524,288 | -HS- | M] () -- C:\Users\Zhang\ntuser.dat{891e7163-6229-11de-ae8a-001eecacb23e}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 22:49:13 | 000,065,536 | -HS- | M] () -- C:\Users\Zhang\ntuser.dat{891e7163-6229-11de-ae8a-001eecacb23e}.TM.blf
[2010/05/13 22:49:00 | 001,688,537 | -H-- | M] () -- C:\Users\Zhang\AppData\Local\IconCache.db
[2010/05/13 20:26:53 | 000,000,376 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D4196F63-BBB2-4B50-82CB-D3DFE3A6DF6A}.job
[2010/05/13 17:53:11 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/12 22:23:43 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google 地球.lnk
[2010/05/09 16:56:47 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/09 16:42:29 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Zhang.job
[2010/05/07 21:22:31 | 000,001,356 | ---- | M] () -- C:\Users\Zhang\AppData\Local\d3d9caps.dat
[2010/05/07 21:20:49 | 000,002,004 | ---- | M] () -- C:\Users\Zhang\Documents\cc_20100507_212042.reg
[2010/05/07 15:12:32 | 000,115,120 | ---- | M] () -- C:\Users\Zhang\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/07 15:11:46 | 000,433,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/07 14:59:42 | 000,233,006 | ---- | M] () -- C:\Users\Zhang\Documents\cc_20100507_145832.reg
[2010/05/07 14:57:40 | 000,004,350 | ---- | M] () -- C:\Users\Zhang\Documents\cc_20100507_145649.reg
[2010/05/07 14:28:34 | 000,001,670 | ---- | M] () -- C:\Users\Zhang\Desktop\CCleaner.lnk
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/01 16:42:44 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForZhang.job
[2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 09:50:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/04/22 17:02:12 | 000,022,016 | ---- | M] () -- C:\Users\Zhang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 14:21:47 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2010.SP1d.lnk
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/13 17:51:53 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/12 22:23:43 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google 地球.lnk
[2010/05/09 21:35:27 | 2144,301,056 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/09 16:56:47 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 21:20:47 | 000,002,004 | ---- | C] () -- C:\Users\Zhang\Documents\cc_20100507_212042.reg
[2010/05/07 14:58:43 | 000,233,006 | ---- | C] () -- C:\Users\Zhang\Documents\cc_20100507_145832.reg
[2010/05/07 14:57:00 | 000,004,350 | ---- | C] () -- C:\Users\Zhang\Documents\cc_20100507_145649.reg
[2010/05/07 14:28:34 | 000,001,670 | ---- | C] () -- C:\Users\Zhang\Desktop\CCleaner.lnk
[2010/04/27 09:50:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/04/14 14:21:47 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2010.SP1d.lnk
[2010/04/14 14:21:32 | 013,045,760 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/04/07 18:48:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/04/07 18:48:56 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/08/05 06:04:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/17 06:42:38 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2008/11/14 18:15:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/09/20 17:13:44 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2007/11/14 10:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3A295ECF
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
< End of report >


Alt 13.05.2010, 22:18   #6
flamer

Trojan TR/Dropper.Gen and Trojan TR/Dropper.Gen2 removed, still overloaded

Continuing.

extras.txt:
Quote:
OTL Extras logfile created on: 2010/5/13 23:00:29 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Zhang\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000804 | Country: 中华人民共和国 | Language: CHS | Date Format: yyyy/M/d

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.19 Gb Total Space | 153.14 Gb Free Space | 68.31% Space Free | Partition Type: NTFS
Drive D: | 8.69 Gb Total Space | 1.62 Gb Free Space | 18.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZHANG-PC
Current User Name: Zhang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A8A5EC-EA11-48A5-92AB-62F7DE99CABE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\wnt500x86\rpcsandrasrv.exe |
"{11EC6974-6641-4B86-A227-C7B077C3081E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29B28996-BAA2-47D1-B081-199509B2EA24}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{372AAFB0-F4C6-4EA7-9210-5298D09AF201}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\rpcagentsrv.exe |
"{4623F006-A238-4B35-A23B-B7D0C01C5C7F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\wnt500x86\rpcsandrasrv.exe |
"{4D7C0066-890C-42CC-B7E9-C0477224A24E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\wnt500x86\rpcsandrasrv.exe |
"{4F08711F-01D5-495F-8FD6-72C8C65CB867}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{72903EB6-C156-43BE-89F6-BDA711046EBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76E35CEA-9508-4371-82D4-D85CDA197FE0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{812FAD06-373D-4D06-A4ED-8D95B0FA049A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{89CF22A2-969C-444B-A3CF-30D29FCAB927}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADDAEB9D-0E47-4B8C-87C3-19A1C1363F2E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CC07C603-3F48-4C7A-80BB-BC93CF352D93}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D5D9C1E0-D642-4FA4-8A97-F157220BDC8F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DAC6C965-1ED6-48DC-A0F4-B33A8A949017}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DB101C-E8FA-4A51-8099-7CAEDCF8B31E}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderservice.exe |
"{03C141EE-2946-4D6E-9CFB-32B7791CD2C8}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderliveud.exe |
"{0821E303-E436-4756-8021-FDBDCC2BB019}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\rpcagentsrv.exe |
"{08A2E85B-4D40-40C5-92B2-7A40E1AE8084}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{0AF82064-53C3-45E1-8AB3-39AC0FD168E2}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderservice.exe |
"{0BB1A0E2-5B46-41C4-938F-8C9BBFCB89A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{0BC4BCEE-CB17-49A0-B980-00B6A866E44E}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\thunderliveud.exe |
"{0CEAA590-B28A-4336-87EA-4DD15FEBDBF2}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{0DE60332-36A9-407D-9F9B-E0F0121D64F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{0FAB7726-2062-436F-A464-BC0C9472D7FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{100102A2-FFCC-4CD3-8FDC-F58E76457FEF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{11779E7D-4684-478F-8A3E-5279D7ECCAA2}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderservice.exe |
"{1601B4ED-46BF-4872-9C65-164CFC139B96}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{18505BDF-2E7B-4A4D-A49A-5A3D9AB8CF65}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\xlbugreport.exe |
"{1C8D2F78-FC68-41C9-8011-83B23840149D}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderliveud.exe |
"{2140C150-7E25-45DB-9478-02B3F0AD60F1}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderliveud.exe |
"{234E394B-BCAF-4CC1-8397-731E80986FDC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{235A262A-4490-4E23-B458-E9C2E0DCF4EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{2B175B82-DDAF-438A-8C6E-B7F1A9FA62B4}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\xlbugreport.exe |
"{2F6565CD-46BB-41B4-B3F0-1B7A7BAFAFA4}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{33061CD7-BAF5-4E96-8BBF-5597428344B2}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{33074EE6-898D-44E9-A8AF-D1CA2DCAA019}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderliveud.exe |
"{33CAEB39-44FE-464B-A20A-3F242B83C5FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3434B030-F96F-4A0B-8DCB-A59A27CCE338}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{3630D68D-C129-4968-9B02-A7F70B0820B0}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderservice.exe |
"{36AC1555-BB21-4C69-AD62-0F1249951880}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{36B13F49-9854-438B-AE10-A75C643EAC04}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderliveud.exe |
"{37DDE221-6644-44F7-8F1B-84E74570298A}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\thunderservice.exe |
"{391EF96A-3CAE-44A1-9D14-6AA28FEE276D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3959DA56-C1C6-4236-AD56-733DE8EFE3CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3AF68880-1A89-4483-AD16-DF096564D79E}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\xlbugreport.exe |
"{4884C451-02D2-426A-8ACA-BB058E0ADA92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{499655B8-6005-4649-AF49-A3A25D3C29CB}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.61\xlbugreport.exe |
"{49D4EA6F-CC99-4FA8-9B70-6B1069B8EE8C}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\wnt500x86\rpcsandrasrv.exe |
"{4A048F7F-30DC-423D-9915-6948088EAEE6}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\thunderliveud.exe |
"{4B347B97-8033-4517-A272-96F6D90A1833}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\kankan\thunderliveud.exe |
"{4B8C4705-666A-4FAC-B1B6-40A6CE42D065}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5377C28C-E15D-40E7-82C8-7735074815E6}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\thunderliveud.exe |
"{56E26F94-B35B-4A9B-8ECF-E6FF5A5EA45D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{5896BDE8-A0AF-4588-877B-EABD2557BA64}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{5F706318-9A80-4CED-A343-6D4E911309AE}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\wnt500x86\rpcsandrasrv.exe |
"{617986E2-0B4D-4958-BCF5-46C538185083}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\xlbugreport.exe |
"{682CFCB5-B8B1-4D27-B5ED-6CE32CD8D4AC}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{6A171299-7A32-466B-A055-F06AD769A85E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{6D13AD64-F89D-4BDC-83E9-95E8A8995C0E}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\kankan\xmpboot.exe |
"{7099B482-4305-4D74-9F5F-4A7BD1FBEC74}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\xmp.exe |
"{712B658F-B51D-4416-9974-1B2363AFCBF0}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\xlbugreport.exe |
"{762E7937-E3FD-4748-8D46-D5630F0D8F40}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.61\thunderliveud.exe |
"{7683B21B-C091-4DE7-AEE8-F8AB402BD4B3}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.61\xlbugreport.exe |
"{78691CA6-8E7D-4805-94BA-D6D64971AB19}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{7986A673-46E9-426D-9C41-8BB290BA718A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{884C7B3E-CDB3-464D-A96E-A37FDFC720AC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{89D2F11C-D1C4-4CFB-8502-2D9460126192}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\thunderservice.exe |
"{8A4E23B0-D7A0-49D5-9EB9-D8CBFFA5E360}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\thunderliveud.exe |
"{8E062CE1-3331-4AC5-A849-FDAAB0D7C6DC}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.61\thunderservice.exe |
"{94F1ACB4-4B35-42CA-B0FC-72F9F4AB115B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{964A8A64-5D91-4E15-AC30-DA21130C86D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{9653EA16-5B28-466C-83C0-BCFCBB9D8516}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{971BA62D-8DD0-49C4-8F78-7E53E9EFDB21}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\thunderservice.exe |
"{97ADE931-28C1-433D-AD40-04796DAEB288}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1d\wnt500x86\rpcsandrasrv.exe |
"{982DFA3F-1086-4412-938D-550428F63172}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{9E14A295-CC47-4D9C-BF44-42E84948331A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A312E3E0-2F18-4100-9033-F2626DE1F11D}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\xlbugreport.exe |
"{A4AED3A7-EAF0-41DA-9A2A-373327BA1DAB}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{AC8711E6-C4D2-4381-8788-E9F3270F4791}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{B66ADA48-FA85-4FBF-B9E9-54815A62A934}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\kankan\thunderliveud.exe |
"{B7851B7E-68D5-4565-A4F8-C004BD0FA03C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{BB8F32D5-2A53-443C-AF76-FC8EEE12A6C0}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\xlbugreport.exe |
"{BEB15B13-283D-4BB6-B5AB-C46459DB1842}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C51E2F27-0192-46AF-A4A6-F913EECEC8B7}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.61\thunderliveud.exe |
"{C8CB7568-F820-4278-8398-8D2B2264D84F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C8D8DC5A-6078-43CA-89E4-3118AC42F774}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{C926EE27-37EB-47EA-9989-E8C2B4DCD78E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C928E847-3C76-4321-A833-F4B3A8C84C65}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{CE303F5D-DE21-43D0-98F5-D40F13C1410E}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\thunderliveud.exe |
"{D06E4B16-7042-4440-809C-D1864B84F022}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\xlbugreport.exe |
"{D8A6CB5E-206F-45D8-A6AD-FACBEEEDF72B}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\xmp.exe |
"{D9080B3E-E0BC-4A49-BC29-F5B7B1D284BD}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\kankan\xmpboot.exe |
"{DBB7C67A-2C79-4FBC-B90E-DCCA5E8C03EE}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DE09D579-1C3E-4DB6-B935-242CB70A0B9A}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderservice.exe |
"{E6B5C475-9D2A-4D7B-9A73-238DE2A000C4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E75CC396-EE7F-474D-924D-1CD846A0D457}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderliveud.exe |
"{E8C64270-B333-4DD0-855B-4D43ABCB30CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EC452A4B-CE1B-4491-A6F0-A4BE0615F977}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\xlbugreport.exe |
"{EFEEAF87-C5C1-4C58-A96A-5E83110CDF6F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{F1183372-32AF-4C40-8B76-3EF1BEED2ABF}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\thunderservice.exe |
"{F3CA098A-9A7A-4B7D-9E88-A90ECF298109}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.61\thunderservice.exe |
"{FAA369E7-82D3-425F-9092-1791D43DC6EE}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\thunderservice.exe |
"{FC63620B-EE2F-43AC-BBE1-10239B08C031}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.56\thunderliveud.exe |
"{FCCB161A-557A-45A9-A472-D7AE739E264B}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\ds\ver1\1.0.2.54\xlbugreport.exe |
"TCP Query User{32EF96C2-0ADB-4BBA-94C3-23AADC730E4F}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{3B2640C7-8896-487F-9184-9FDEB69BDC73}C:\users\zhang\desktop\spiele\call of duty 4 - modern warfare [cracked]\cod4.exe" = protocol=6 | dir=in | app=c:\users\zhang\desktop\spiele\call of duty 4 - modern warfare [cracked]\cod4.exe |
"TCP Query User{4BB5D2DB-6D22-4A7D-8BEB-D5F5A616344F}C:\program files\tencent\qq\bin\auclt.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"TCP Query User{4C85F93C-1671-4856-B5C7-69A33C1BC993}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{4FD32FF6-A061-4AD0-8D02-D7E571CE7649}C:\program files\steam\steamapps\_janops_\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\_janops_\counter-strike source\hl2.exe |
"TCP Query User{A9A027C6-654A-4DAF-9432-8AE4ACBD1D37}C:\program files\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"TCP Query User{B7949CBD-CFA0-40D0-BA32-6889A0325FCD}C:\users\zhang\desktop\spiele\s.t.a.l.k.e.r [cracked]\bin\xr_3da.exe" = protocol=6 | dir=in | app=c:\users\zhang\desktop\spiele\s.t.a.l.k.e.r [cracked]\bin\xr_3da.exe |
"TCP Query User{BDFCDE6B-03CA-4B24-A129-D6E8087AAD0F}C:\users\zhang\appdata\local\temp\lmia4e9.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\zhang\appdata\local\temp\lmia4e9.tmp\lmi_rescue.exe |
"TCP Query User{D6220651-3880-4303-862F-3590D9470C5D}C:\program files\steam\steamapps\isis2911\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\isis2911\counter-strike source\hl2.exe |
"TCP Query User{D94337C6-419A-4322-A163-AF877E4B1088}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{E688A034-EEAF-4BF1-A04E-7975563EFA9B}C:\program files\steam\steamapps\allstarger\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\allstarger\counter-strike source\hl2.exe |
"UDP Query User{1833D86A-9E96-4381-AE23-08A4116E9AC9}C:\users\zhang\desktop\spiele\s.t.a.l.k.e.r [cracked]\bin\xr_3da.exe" = protocol=17 | dir=in | app=c:\users\zhang\desktop\spiele\s.t.a.l.k.e.r [cracked]\bin\xr_3da.exe |
"UDP Query User{1F3C2725-43B0-47D2-9855-C7FEAB225FCF}C:\program files\steam\steamapps\allstarger\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\allstarger\counter-strike source\hl2.exe |
"UDP Query User{5646E7E9-330C-40A5-A165-BD4F25D86AFF}C:\users\zhang\appdata\local\temp\lmia4e9.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\zhang\appdata\local\temp\lmia4e9.tmp\lmi_rescue.exe |
"UDP Query User{704F4AB7-BF5F-4B9F-AA56-E680555388D4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{78E09E09-B2D0-496B-8C52-A6F1E6E4DC5C}C:\users\zhang\desktop\spiele\call of duty 4 - modern warfare [cracked]\cod4.exe" = protocol=17 | dir=in | app=c:\users\zhang\desktop\spiele\call of duty 4 - modern warfare [cracked]\cod4.exe |
"UDP Query User{A6683537-F191-4143-9A5A-1474994843C9}C:\program files\tencent\qq\bin\auclt.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"UDP Query User{C433838D-DCDB-4734-8704-650E61ED0A7B}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{CBBAF88E-836E-43F5-BC83-951AF7F092B1}C:\program files\steam\steamapps\isis2911\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\isis2911\counter-strike source\hl2.exe |
"UDP Query User{D1AEE638-89B1-49BD-8C35-B6751CC81B0F}C:\program files\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"UDP Query User{EF0F00D3-2642-4428-AA21-34D7C16311EB}C:\program files\steam\steamapps\_janops_\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\_janops_\counter-strike source\hl2.exe |
"UDP Query User{F0FF01AA-FB92-40B6-A52F-BB2A76D9EF6E}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2009
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{120B6A04-30AD-4F9B-B8C9-258D4285865E}" = ProtectSmart Hard Drive Protection
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype(TM) 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41BBDC08-ACFF-48C2-BD81-CA154C841351}" = Nokia Software Launcher
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54E51672-DC3D-3204-BBF9-3AAF25CFF8AE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - chs
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{879B6710-E456-4993-9925-1A384591E7E1}" = SoftStylus
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B4F2108-7395-4951-A7BE-86DA108A001C}" = OGA Notifier 1.7.0105.14.0
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903F2FE9-1751-4894-9D10-702F3AA0D6D5}" = Nokia NSeries Application Installer
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A817131B-177D-4FB9-8317-C91138013600}" = Nokia NSeries One Touch Access
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-2052-7B44-A93000000001}" = Adobe Reader 9.3.2 - Chinese Simplified
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE72E414-0935-4AC8-B7D6-12E3039BEC13}" = DigitalPersona Personal 3.0.1
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B0CC883F-D14A-4EBA-9355-4D23B223CF05}" = Nokia NSeries System Utilities
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBC12E6C-C32F-470A-BF15-5A8C21066D1A}" = Nokia NSeries Content Copier
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP1d
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C701040C-9CBD-4321-9CA3-8305E3EA26B6}" = Nokia NSeries Multimedia Player
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D7A2654B-BE52-489F-8FCD-EFCC67FDF007}" = Windows Live Messenger
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAE76241-A047-407E-9237-26120C7BA6CE}" = Imagine Fashion Designer
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1C1272D-FEE6-4B24-862C-01F4959997E2}" = Nokia Software Updater
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google 地球
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 (Simplified Chinese)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows 驱动程序包 - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"Google Updater" = Google 软件精选管理器
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - chs" = Microsoft .NET Framework 3.5 SP1 语言包 - 简体中文
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nokia NSeries Application Installer" = Nokia NSeries Application Installer 6.82.17
"Nokia NSeries Content Copier" = Nokia NSeries Content Copier 6.82.17
"Nokia NSeries Multimedia Player" = Nokia NSeries Multimedia Player 6.82.17
"Nokia NSeries One Touch Access" = Nokia NSeries One Touch Access 6.82.17
"Nokia NSeries System Utilities" = Nokia NSeries System Utilities 6.82.17
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Spyware Doctor" = Spyware Doctor 7.0
"WinRAR archiver" = WinRAR 压缩文件管理器
"迅雷看看播放器" = 迅雷看看播放器

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010/5/9 8:57:27 | Computer Name = Zhang-PC | Source = EventSystem | ID = 4609
Description =

Error - 2010/5/9 11:03:23 | Computer Name = Zhang-PC | Source = EventSystem | ID = 4609
Description =

Error - 2010/5/9 13:00:47 | Computer Name = Zhang-PC | Source = Application Hang | ID = 1002
Description = 程序 RSIT.exe 版本 3.3.6.1 停止与 Windows 交互并被关闭。若要查看关于该问题的详细信息是否可用,请检查“问题报告和解决方案”控制面板中的问题历史记录。
进程
ID: be4 开始时间: 01caef98d079e81a 终止时间: 58

Error - 2010/5/9 13:01:14 | Computer Name = Zhang-PC | Source = ESENT | ID = 467
Description = Windows (3024) Windows: 数据库 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
表 SystemIndex_0A 的索引 System_KindText804 被损坏(0)。

Error - 2010/5/9 13:01:14 | Computer Name = Zhang-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 2010/5/9 13:21:20 | Computer Name = Zhang-PC | Source = Application Error | ID = 1000
Description = 错误应用程序 mobsync.exe,版本 6.0.6001.18000,时间戳 0x47918e41,错误模块 ntdll.dll,版本
6.0.6002.18005,时间戳 0x49e03821,异常代码 0xc0000374,错误偏移量 0x000afaf8, 进程 ID 0x15cc,应用程序启动时间
0x01caef9c08f4cd1a。

Error - 2010/5/9 14:15:13 | Computer Name = Zhang-PC | Source = EventSystem | ID = 4609
Description =

Error - 2010/5/11 9:55:05 | Computer Name = Zhang-PC | Source = Google Update | ID = 20
Description =

Error - 2010/5/11 10:06:41 | Computer Name = Zhang-PC | Source = Google Update | ID = 20
Description =

Error - 2010/5/11 11:06:55 | Computer Name = Zhang-PC | Source = Google Update | ID = 20
Description =

[ DigitalPersona Pro Events ]
Error - 2009/6/13 23:59:24 | Computer Name = Zhang-PC | Source = DigitalPersona Pro | ID = 17827841
Description = 一对一指纹匹配失败。

[ OSession Events ]
Error - 2008/12/13 6:50:10 | Computer Name = Zhang-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010/5/13 14:25:15 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2010/5/13 14:25:16 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2010/5/13 16:09:26 | Computer Name = Zhang-PC | Source = EventLog | ID = 6008
Description = 上一次系统的 22:07:38 在 2010/5/13 上的关闭是意外的。

Error - 2010/5/13 16:11:00 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010/5/13 16:11:54 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2010/5/13 16:11:55 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2010/5/13 16:48:20 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2010/5/13 16:52:12 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010/5/13 16:53:05 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2010/5/13 16:53:06 | Computer Name = Zhang-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

Thanks again for the other thread and also for your efforts in this one.

Regards,
Flamer

Old 14.05.2010, 09:40   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm, the logs are unremarkable. Any serious problems or detections left?
__________________
Please always post logfiles in CODE tags

Old 14.05.2010, 13:16   #8
flamer

No, not really. It was just very odd that it was still overloaded after nothing was being found any more. But I think it got better over time, and now it runs normally. Of course I would find it great if my PC could make itself efficient automatically, but in my opinion that is still odd.
But if the logs show nothing suspicious, then that's good.

And since it is running normally again now, I can't complain.

Thanks again for your extremely fast support.
Can you tell me what the forum "lives" on? I haven't seen any advertising or the like yet.

Regards,
Flamer

Old 14.05.2010, 13:29   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The forum lives on advertising. Registered members don't see it, though.
If you want, you can give us a small donation via PayPal.

Once your computer is OK again, I would suggest you check the updates:

Microsoft Update

Windows XP: visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide

Update PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you are at it, please also check that the Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post logfiles in CODE tags
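As an added example (not from this thread or from the OTL tool), the two checks cosinus describes, superseded Java runtimes and an outdated Adobe Reader, run over the OTL "HKEY_LOCAL_MACHINE Uninstall List" format shown in the log above; the sample lines are copied from that log, and the "current" Reader version is a placeholder you would replace with the vendor's current release at check time.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a handful of lines taken from the OTL
# uninstall-list section of the log posted in this thread.
SAMPLE_UNINSTALL_LIST = '''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{AC76BA86-7AD7-2052-7B44-A93000000001}" = Adobe Reader 9.3.2 - Chinese Simplified
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
'''

# One OTL uninstall entry looks like:  "<registry key>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# Sun/Oracle JRE display names, e.g. "Java(TM) 6 Update 20"
JRE_RE = re.compile(r'^Java\(TM\)\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)$')
# Adobe Reader display names, e.g. "Adobe Reader 9.3.2 - Chinese Simplified"
READER_RE = re.compile(r'^Adobe Reader\s+(?P<ver>\d+(?:\.\d+)*)')


def parse_uninstall_list(text: str) -> Dict[str, str]:
    """Map each uninstall registry key to its display name; other lines are ignored."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group('key')] = m.group('name')
    return entries


def java_runtimes(entries: Dict[str, str]) -> List[Tuple[int, int, str]]:
    """(major, update, display name) for every installed JRE, newest first."""
    found = []
    for name in entries.values():
        m = JRE_RE.match(name)
        if m:
            found.append((int(m.group('major')), int(m.group('update')), name))
    return sorted(found, reverse=True)


def stale_java(entries: Dict[str, str]) -> List[str]:
    """Every JRE except the newest one installed is a leftover that should go."""
    return [name for _, _, name in java_runtimes(entries)[1:]]


def adobe_reader_version(entries: Dict[str, str]) -> Optional[Tuple[int, ...]]:
    """Version tuple of the installed Adobe Reader, or None if not installed."""
    for name in entries.values():
        m = READER_RE.match(name)
        if m:
            return tuple(int(p) for p in m.group('ver').split('.'))
    return None


def update_findings(entries: Dict[str, str],
                    current_reader: Tuple[int, ...]) -> List[str]:
    """Findings a helper would raise; current_reader is the vendor's newest release."""
    findings = [f'remove superseded JRE: {name}' for name in stale_java(entries)]
    reader = adobe_reader_version(entries)
    if reader is not None and reader < current_reader:
        findings.append('Adobe Reader ' + '.'.join(map(str, reader)) + ' is outdated')
    return findings


if __name__ == '__main__':
    # Placeholder: look up the vendor's current Adobe Reader version before use.
    LATEST_READER = (9, 9, 9)
    for finding in update_findings(parse_uninstall_list(SAMPLE_UNINSTALL_LIST),
                                   LATEST_READER):
        print(finding)
```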

Old 14.05.2010, 18:53   #10
flamer

Updated everything possible.
Thanks again very much for your support.
My very small donation via PayPal has been made, and I wish you lots of fun with your work.

Regards,
flamer
