| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: E-mail mit Mahnung von einem Anwalt über eine unbekannte BestellungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.11.2013, 14:16
| #1 |
| |  E-mail mit Mahnung von einem Anwalt über eine unbekannte Bestellung Hallo, Ich hab heute eine Mahnung von einem "Online Anwaltschaft" bekommen über eine unbekannte Bestellung in Höhe von ca. 400€. Darunter war ein Anhang mit einer Zip-datei und darin befand sich eine MS-DOS Datei, die ich geöffnet habe, dabei ist aber nix passiert. Nun möchte euch fragen, ob das vielleicht ein Trojaner war? Mit freundlichen Grüßen, com Hier die Logfiles: gmer.txt : Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-29 14:04:59
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD7500BPVT-00HXZT3 rev.01.01A01 698.64GB
Running: g994icf5.exe; Driver: C:\Users\User\AppData\Local\Temp\kwldapog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600012f800 3 bytes [C0, 82, 02]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 4 fffff9600012f804 3 bytes [41, BC, FA]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QQPCRtp.exe[332] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075c61a9e 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QQPCRtp.exe[332] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000764b62d4 5 bytes JMP 0000000173a7124f
.text C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxescore.exe[2032] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075c61a9e 5 bytes JMP 00000001100013b3
.text C:\Windows\Explorer.EXE[4016] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ca9dc0 12 bytes JMP 0000000170000000
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\svchost.exe [4916:4952] 000000007efa0000
Thread C:\Windows\SysWOW64\svchost.exe [4916:4792] 000000007efa4c71
Thread C:\Windows\SysWOW64\svchost.exe [4916:4348] 000000007efa7ff1
Thread C:\Windows\SysWOW64\svchost.exe [4916:5048] 000000007efa6a4f
---- EOF - GMER 2.1 ----
Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013
Ran by User at 2013-11-29 13:52:06
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: 新毒霸铠甲防御 (Enabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
==================== Installed Programs ======================
¿´Í¼ (x32 Version: )
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Chinese Simplified (x32 Version: 11.0.03)
BaiduPlayer3.3.2.49 (x32 Version: 3.3.2)
Free Audio CD Burner version 2.0.23.430 (x32 Version: 2.0.23.430)
Funshion (x32 Version: 2.8.6.51)
Google Chrome (x32 Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2653)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
QQ浏览器7.4 (x32 Version: 7.4.17213.400)
QQ旋风4.4 (x32 Version: 4.4.755.401)
QQ音乐2013 (x32 Version: 2013)
QQ影音3.7 (HKCU Version: 3.7)
QQ游戏 (x32 Version: 3.1.107.51)
SOSO工具栏 (x32 Version: 5.2.9.0)
Tencent QQMail Plugin (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
百度地址栏 (x32 Version: 1.0)
百度工具栏 (x32 Version: 2.3.0.20)
百度浏览器 (x32 Version: 2.210 正式版)
电脑管家8.5 (x32 Version: 8.5.10246.226)
搜狗拼音输入法 智慧版2.0 (x32 Version: 7.0.0.9162)
腾讯QQ2013 (x32 Version: 1.99.8796.0)
腾讯视频 (x32 Version: 8.53.7339.0)
网址哨兵 (x32 Version: 7.3.1.3)
新毒霸(悟空) (x32 Version: 2013.5.0)
==================== Restore Points =========================
09-08-2013 16:31:13 Windows Update
13-08-2013 09:48:18 Windows Update
16-08-2013 09:12:10 Windows Update
20-08-2013 15:17:05 Windows Update
27-08-2013 15:29:02 Windows Update
29-08-2013 09:28:47 Windows Update
03-09-2013 11:54:12 Windows Update
10-09-2013 15:14:39 Windows Update
12-09-2013 09:22:31 Windows Update
17-09-2013 09:10:27 Windows Update
20-09-2013 09:39:49 Windows Update
24-09-2013 11:16:06 Windows Update
27-09-2013 15:12:10 Windows Update
01-10-2013 10:15:17 Windows Update
08-10-2013 10:10:23 Windows Update
11-10-2013 10:33:16 Windows Update
15-10-2013 11:49:41 Windows Update
22-10-2013 09:57:14 Windows Update
25-10-2013 10:58:56 Windows Update
29-10-2013 12:24:35 Windows Update
05-11-2013 10:55:42 Windows Update
08-11-2013 12:20:29 Windows Update
12-11-2013 16:17:26 Windows Update
14-11-2013 16:16:17 Windows Update
19-11-2013 11:44:19 Windows Update
26-11-2013 10:24:00 Windows Update
29-11-2013 10:53:29 Windows Update
==================== Hosts content: ==========================
2006-11-02 13:34 - 2013-05-01 11:31 - 00000019 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2168A35A-32AE-42C0-9BB3-DAB0CB0DB6F3} - System32\Tasks\Microsoft\Windows\RestartManager\{F9875AAE-90F5-42d5-BDDC-326B31521D44} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {38851180-A7EF-41DF-B405-1F736633D087} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2013-03-04] (Sogou.com Inc.)
Task: {523EC5F7-36F6-4EA3-BD74-FBC0C32AA4FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {556ED8B7-D2D0-453F-97C1-D84C33838F20} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {66E11425-1D54-4324-BF69-29840D864FF2} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {76ADA224-6A7D-4E7A-BE9C-D5D51A5FB701} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A8254DAF-459E-4282-AECC-F0F85BBECA1A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {B095D338-AA22-4DFE-BEBB-268448FB9B71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-14] (Adobe Systems Incorporated)
Task: {D1E37A69-96D0-48DE-A7FC-DB4CB59BD085} - System32\Tasks\BaiduBrowserUpdater => C:\Program Files (x86)\Baidu\BaiduBrowser2.190.0.1909.1\bdupdate.exe [2013-10-29] (Baidu.com, Inc.)
Task: {F37610AF-F823-4108-81D4-5B2E7546F5F8} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {FF53BC52-F368-4962-9C27-0DB2DFB9032C} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-21 11:27 - 2013-10-21 11:27 - 00482872 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\sqlite.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00100376 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\tinyxml.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00073272 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00052792 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00151096 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QQFileFlt.dll
2013-11-02 19:27 - 2013-11-02 19:27 - 00158368 _____ () C:\Program Files (x86)\Kingsoft\shoujizhushou\zlib1.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00087896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\zlib.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00137048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\libexpatw.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\xGraphic32.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\arkGraphic.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00045592 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\jgImage.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00157528 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\libpng.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00284504 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\libjpegturbo.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00013848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\jgIOStub.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00433720 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\OptimizeExDll.dll
2013-10-21 11:27 - 2013-10-21 11:27 - 00261688 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\plugins\StartupMgr\SoftMon.dll
2013-05-16 10:47 - 2013-05-16 10:47 - 00088088 _____ () C:\Program Files (x86)\Tencent\QQMusic\zlib.dll
2013-05-16 10:46 - 2013-05-16 10:46 - 00137240 _____ () C:\Program Files (x86)\Tencent\QQMusic\libexpatw.dll
2013-05-16 10:47 - 2013-05-16 10:47 - 00100376 _____ () C:\Program Files (x86)\Tencent\QQMusic\tinyxml.dll
2013-05-16 10:46 - 2013-05-16 10:46 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQMusic\arkGraphic.dll
2013-05-16 10:47 - 2013-05-16 10:47 - 00157720 _____ () C:\Program Files (x86)\Tencent\QQMusic\libpng.dll
2013-05-16 10:47 - 2013-05-16 10:47 - 00284696 _____ () C:\Program Files (x86)\Tencent\QQMusic\libjpegturbo.dll
2013-05-16 10:45 - 2013-05-16 10:45 - 00016920 _____ () C:\Program Files (x86)\Tencent\QQMusic\QMP_COMMON.dll
2013-05-16 10:47 - 2013-05-16 10:47 - 00020504 _____ () C:\Program Files (x86)\Tencent\QQMusic\msdmo.dll
2013-02-01 01:41 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-11-16 18:11 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-16 18:12 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-16 18:11 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-16 18:11 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-16 18:11 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/29/2013 01:55:14 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (11/29/2013 01:55:14 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (11/29/2013 01:55:14 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (11/29/2013 01:55:14 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (11/29/2013 01:51:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\2JSYABFK\S.YTIMG.COM\RESTORE.SXX> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (11/29/2013 01:51:41 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\2JSYABFK\S.YTIMG.COM\SOUNDDATA.SXX> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (11/29/2013 01:51:41 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\2JSYABFK\S.YTIMG.COM\VIDEOSTATS.SXX> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (11/29/2013 01:31:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (11/29/2013 01:31:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (11/29/2013 01:31:10 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (11/29/2013 01:44:16 PM) (Source: Service Control Manager) (User: )
Description: Diagnosesystemhost
Error: (11/29/2013 01:44:13 PM) (Source: Service Control Manager) (User: )
Description: Diagnosediensthost
Error: (11/29/2013 01:42:32 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 29.11.2013 um 13:41:08 unerwartet heruntergefahren.
Error: (11/29/2013 11:48:01 AM) (Source: Service Control Manager) (User: )
Description: Diagnosesystemhost
Error: (11/29/2013 11:47:56 AM) (Source: Service Control Manager) (User: )
Description: Diagnosediensthost
Error: (11/28/2013 01:41:33 PM) (Source: Service Control Manager) (User: )
Description: Kingsoft Core Service1
Error: (11/28/2013 01:34:14 PM) (Source: Service Control Manager) (User: )
Description: Windows Search2300001Neustart des Diensts
Error: (11/28/2013 01:34:14 PM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)
Error: (11/28/2013 01:33:44 PM) (Source: Service Control Manager) (User: )
Description: Windows Presentation Foundation-Schriftartcache 3.0.0.0101Neustart des Diensts
Error: (11/28/2013 01:33:44 PM) (Source: Service Control Manager) (User: )
Description: Windows Search1300001Neustart des Diensts
Microsoft Office Sessions:
=========================
Error: (11/29/2013 01:55:14 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1
Error: (11/29/2013 01:55:14 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3
Error: (11/29/2013 01:55:14 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2
Error: (11/29/2013 01:55:14 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0
Error: (11/29/2013 01:51:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\2JSYABFK\S.YTIMG.COM\RESTORE.SXX
Error: (11/29/2013 01:51:41 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\2JSYABFK\S.YTIMG.COM\SOUNDDATA.SXX
Error: (11/29/2013 01:51:41 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\2JSYABFK\S.YTIMG.COM\VIDEOSTATS.SXX
Error: (11/29/2013 01:31:23 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL
Error: (11/29/2013 01:31:10 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL
Error: (11/29/2013 01:31:10 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL
CodeIntegrity Errors:
===================================
Date: 2013-11-29 13:53:41.399
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kingsoft\kingsoft antivirus\security\ksde\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:53:41.337
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kingsoft\kingsoft antivirus\security\ksde\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:53:41.259
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kingsoft\kingsoft antivirus\security\ksde\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:53:41.196
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kingsoft\kingsoft antivirus\security\ksde\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:52:01.811
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:52:01.741
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:52:01.664
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:52:01.604
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:52:01.483
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-29 13:52:01.369
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\kisknl64.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 49%
Total physical RAM: 3978.73 MB
Available physical RAM: 2002.16 MB
Total Pagefile: 8172.75 MB
Available Pagefile: 5966.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (WindowsVista) (Fixed) (Total:698.64 GB) (Free:523.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: E0AB1384)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Hier FRST.txt: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by User (administrator) on USER-PC on 29-11-2013 13:51:13
Running from C:\Users\User\Downloads
Windows Vista (TM) Business Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.30\BaiduProtect.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QQPCRTP.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxescore.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Tencent) C:\Program Files\TENCENT\barupdate\TBUpdate.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxetray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QQPCTray.exe
(Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kwsprotect64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Funshion Online Technologies Ltd.) C:\Program Files (x86)\Funshion Online\2.8.6.51\FunshionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Tencent) C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe
() C:\Program Files (x86)\Tencent\QQMusic\QQMusicExternal.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kislive.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [QQ2009] - C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe [167608 2013-10-29] (Tencent)
HKCU\...\Run: [Funshion] - C:\Program Files (x86)\Funshion Online\2.8.6.51\Funshion.exe [4243592 2013-09-15] (Funshion Online Technologies Ltd.)
HKCU\...\Run: [qqlive] - C:\Program Files (x86)\Tencent\QQLive\QQLive.exe [88120 2013-11-14] ()
HKCU\...\Run: [ixncwvri] - C:\Users\User\AppData\Roaming\Gggprupelg\rrrnzlswvri.exe [29184 2013-11-29] ()
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {76ca757a-6c04-11e2-8fa1-806e6f6e6963} - D:\InstAll.exe
HKLM-x32\...\Run: [ QQPCTray] - C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QQPCTray.exe [1064632 2013-10-21] (Tencent)
HKLM-x32\...\Run: [kxesc] - C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxetray.exe [1595040 2013-11-25] (Kingsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=82068094_3_cb
SearchScopes: HKCU - {1FF7973D-AB0A-496d-82C1-4EADBBA11E7B} URL = hxxp://www.soso.com/q?sc=web&cid=tb.ub&w={searchTerms}&gid=XzXIHq5WAdkjkBw5qZP59l840M85tMk1&lr=&ie={inputEncoding}&unc=x400443_1
SearchScopes: HKCU - {44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_4_dg&ch=2&ie=utf-8
SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=82068094_3_cb
BHO: QQDownload IE Left Helper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper64.dll (Tencent Technology (Shenzhen) Company Limited)
BHO: 电脑管家网页防火墙 - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\TSWebMon64.dat (Tencent)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: QQDownload IE Left Helper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: SOSO工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\TENCENT\QQToolbar\IEBar.dll (TENCENT)
BHO-x32: 32C85A2A-2E2A-CB27-61C1-1C6AD1E2801F Class - {32C85A2A-2E2A-CB27-61C1-1C6AD1E2801F} - C:\Program Files (x86)\Baidu\{32C85A2A-2E2A-CB27-61C1-1C6AD1E2801F}\AddressBar.dll ()
BHO-x32: ·çÐÐÊÓƵ²¥·Å¼°ÏÂÔØ×é¼þ - {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\User\Funshion\funshiontools\FunshionHelper.dll (北京风行在线技术有限公司
)
BHO-x32: Baidu Toolbar BHO - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll ()
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: WebGuard - {E9D24EE9-9A81-178A-5893-B27CD5D0F82F} - C:\Program Files (x86)\Tencent\WebGuard\webguard.dll (腾讯)
BHO-x32: QMClinicBho Class - {F0BD17A0-E7F3-4EB6-839A-22B96137F10B} - C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\TSClinicWebListener.dll (TODO: <Company name>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - SOSO工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\TENCENT\QQToolbar\IEBar.dll (TENCENT)
Toolbar: HKLM-x32 - No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No File
DPF: HKLM-x32 {1E525898-EE12-4002-9374-82D15147F762} hxxp://player.cntv.cn/flashplayer/config/plugins/wCNTVLive202.dll
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (QQ2013 Firefox Plugin) - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
CHR Plugin: (QQ2013 Chrome Plugin for Chrome V23.0.1271.64 or latest version) - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
CHR Plugin: (Tencent SSO Platform) - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.95\Bin\npSSOAxCtrlForPTLogin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Kingsoft Internet Security) - C:\Program Files (x86)\Kingsoft\kingsoft antivirus\npkws.dll (Kingsoft Corporation)
CHR Plugin: (\u817E\u8BAF\u89C6\u9891) - C:\Program Files (x86)\Tencent\QQLive\LiveOcx\npQQLive.dll (Tencent)
CHR Plugin: (QQMusic) - C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
CHR Plugin: (QQPCMgr Detector) - C:\Program Files (x86)\Tencent\QQPCMgr\7.5.8439.209\npQMExtensionsMozilla.dll No File
CHR Plugin: (npQQPhotoDrawEx) - C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (\u91D1\u5C71\u6BD2\u9738\u4E0A\u7F51\u4FDD\u62A4) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbncjlebdihjkdedfcajhfepaapbioa\1.3.0.0_0
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (QQDownload) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nobfdmmammchijbkljbjkalkjjbhcgdp\0.9_0
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efbncjlebdihjkdedfcajhfepaapbioa] - C:\Program Files (x86)\Kingsoft\kingsoft antivirus\npkws.crx
CHR HKLM-x32\...\Chrome\Extension: [nobfdmmammchijbkljbjkalkjjbhcgdp] - C:\Program Files (x86)\Tencent\QQDownload\Browser\Chrome\QQDownload_Chrome_Extension.crx
==================== Services (Whitelisted) =================
S3 BaiduUpdater; C:\Program Files (x86)\Baidu\BaiduUpdate\bdupdate.exe [1262168 2013-10-29] (Baidu.com, Inc.)
R2 BDSGRTP; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.30\BaiduProtect.exe [1092960 2013-11-05] (百度在线网络技术(北京)有限公司)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 kxescore; C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxescore.exe [259424 2013-11-19] (Kingsoft Corporation)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QQPCRtp.exe [829088 2013-10-21] (Tencent)
R2 TBUpdate; C:\Program Files\Tencent\barupdate\TBUpdate.exe [407392 2013-07-25] (Tencent)
==================== Drivers (Whitelisted) ====================
S1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [99144 2013-11-05] (Baidu)
R1 bd0004; C:\Windows\System32\DRIVERS\bd0004.sys [169800 2013-11-05] (Baidu)
R1 KDHacker; C:\Program Files (x86)\Kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [153912 2013-11-02] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [224056 2013-11-04] (Kingsoft Corporation)
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [57192 2013-11-02] (Kingsoft Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [99440 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QMUdisk64.sys [14136 2013-10-21] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\QQSysMonX64.sys [112440 2013-10-21] (电脑管家)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-03-08] (Synaptics Incorporated)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2013-10-21] (电脑管家)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\tscpm64.sys [42296 2013-10-21] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\8.5.10246.226\TSSysKit64.sys [82744 2013-10-21] (电脑管家)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U2 MPFIREWL;
U2 MPFP;
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-29 13:51 - 2013-11-29 13:51 - 00014356 _____ C:\Users\User\Downloads\FRST.txt
2013-11-29 13:40 - 2013-11-29 13:40 - 00000096 _____ C:\Users\User\Desktop\Neues Textdokument (2).txt
2013-11-29 13:33 - 2013-11-29 13:33 - 01959024 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-11-29 13:33 - 2013-11-29 13:33 - 00000000 ____D C:\FRST
2013-11-29 13:32 - 2013-11-29 13:32 - 01092049 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2013-11-29 13:29 - 2013-11-29 13:30 - 00000470 _____ C:\Users\User\Downloads\defogger_disable.log
2013-11-29 13:29 - 2013-11-29 13:29 - 00000000 _____ C:\Users\User\defogger_reenable
2013-11-29 13:28 - 2013-11-29 13:28 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2013-11-29 13:00 - 2013-11-29 13:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-29 12:45 - 2013-11-29 12:45 - 00000000 ___HD C:\Users\User\AppData\Roaming\Gggprupelg
2013-11-29 11:46 - 2013-11-29 11:46 - 00001754 _____ C:\Windows\PFRO.log
2013-11-28 13:41 - 2013-11-28 13:41 - 00049168 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 14:18 - 2013-11-05 13:32 - 00169800 _____ (Baidu) C:\Windows\system32\Drivers\bd0004.sys
2013-11-26 14:18 - 2013-11-05 13:32 - 00099144 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
2013-11-26 14:18 - 2013-11-05 13:32 - 00039240 _____ (Baidu) C:\Windows\system32\bd64_x64.dll
2013-11-26 14:18 - 2013-11-05 13:32 - 00027976 _____ (Baidu) C:\Windows\system32\bd64_x86.dll
2013-11-26 13:28 - 2013-11-26 13:27 - 00041696 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kpackflt64.sys
2013-11-26 13:28 - 2013-11-26 13:27 - 00031896 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kpackflt.sys
2013-11-19 12:46 - 2013-11-19 12:46 - 00000000 _____ C:\Users\User\Desktop\QQBrowser.lnk
2013-11-14 17:23 - 2013-10-13 16:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 17:23 - 2013-10-13 16:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 17:23 - 2013-10-13 15:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 17:23 - 2013-10-13 15:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 17:23 - 2013-10-13 15:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 17:23 - 2013-10-13 15:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 17:23 - 2013-10-13 15:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 17:23 - 2013-10-13 15:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 17:23 - 2013-10-13 15:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 17:23 - 2013-10-13 15:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 17:23 - 2013-10-13 15:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 17:23 - 2013-10-13 15:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 17:23 - 2013-10-13 15:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 17:23 - 2013-10-13 15:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 17:23 - 2013-10-13 15:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 17:23 - 2013-10-13 15:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 17:23 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 17:23 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 17:23 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 17:23 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 17:23 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 17:23 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 17:23 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 17:23 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 17:23 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 17:23 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 17:23 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 17:23 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 17:23 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 17:23 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 17:23 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 17:23 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 00:43 - 2013-10-11 05:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 00:43 - 2013-10-11 05:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 00:43 - 2013-10-11 03:29 - 00217074 _____ C:\Windows\system32\WFP.TMF
2013-11-14 00:43 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 00:43 - 2013-10-03 16:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 00:43 - 2013-10-03 16:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 00:43 - 2013-10-03 13:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 00:43 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 00:43 - 2013-09-04 03:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 18:43 - 2013-11-13 18:48 - 07343752 _____ (北京风行在线技术有限公司) C:\Users\User\Documents\FunshionInstall_C171939.exe
2013-11-13 14:48 - 2013-11-13 14:48 - 01071328 _____ (Solid State Networks) C:\Users\User\Downloads\install_reader10_de_mssa_aaa_aih (1).exe
2013-11-13 14:34 - 2013-11-13 14:35 - 01071328 _____ (Solid State Networks) C:\Users\User\Downloads\install_reader10_de_mssa_aaa_aih.exe
2013-11-04 21:47 - 2013-11-04 21:47 - 00000000 ____D C:\ProgramData\kantu
2013-11-03 13:14 - 2013-11-03 13:14 - 00001123 _____ C:\Users\Public\Desktop\BaiduPlayer.lnk
2013-11-03 12:59 - 2013-11-03 12:59 - 00002016 _____ C:\Users\Public\Desktop\影视大全.lnk
2013-11-02 19:12 - 2013-11-02 19:12 - 00000000 ____D C:\Users\User\AppData\Roaming\shoujizhushou
2013-11-02 19:11 - 2013-11-04 17:33 - 00224056 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kisknl.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00223032 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kisknl64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00153912 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kdhacker64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00101176 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kdhacker.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00084840 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00057192 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00031848 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kavbootc64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00028520 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kavbootc.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00024472 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\bc.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00019352 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksskrpr.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00018296 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kusbquery64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00014200 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kusbquery.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00000946 _____ C:\Users\Public\Desktop\新毒霸.lnk
2013-11-02 19:10 - 2013-11-02 19:10 - 00000000 ____D C:\Program Files (x86)\QQMailPlugin
2013-11-02 12:49 - 2013-11-02 12:49 - 00007176 _____ C:\Users\User\Downloads\Widerruf des Abschlusses des GMX TopMail-Vertrags (Testphase).html
2013-11-02 12:27 - 2013-11-02 12:27 - 00000000 _____ C:\Users\User\Desktop\Neues Textdokument.txt
==================== One Month Modified Files and Folders =======
2013-11-29 13:51 - 2013-11-29 13:51 - 00014356 _____ C:\Users\User\Downloads\FRST.txt
2013-11-29 13:51 - 2009-04-11 16:39 - 01052921 _____ C:\Windows\WindowsUpdate.log
2013-11-29 13:50 - 2009-04-11 23:18 - 01445224 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-29 13:50 - 2009-04-11 23:16 - 00628668 _____ C:\Windows\system32\perfh007.dat
2013-11-29 13:50 - 2009-04-11 23:16 - 00126442 _____ C:\Windows\system32\perfc007.dat
2013-11-29 13:48 - 2013-10-21 11:27 - 00002062 _____ C:\Users\Public\Desktop\软件管理.lnk
2013-11-29 13:47 - 2013-09-15 19:38 - 00002584 _____ C:\Users\User\funshion.ini
2013-11-29 13:47 - 2013-09-15 19:38 - 00000000 ____D C:\Users\User\Funshion
2013-11-29 13:46 - 2013-03-21 10:37 - 00000000 ____D C:\Users\User\Documents\Tencent Files
2013-11-29 13:44 - 2013-06-07 18:27 - 00004138 _____ C:\Windows\System32\Tasks\BaiduBrowserUpdater
2013-11-29 13:42 - 2006-11-02 16:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-29 13:42 - 2006-11-02 16:20 - 00004928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 13:42 - 2006-11-02 16:20 - 00004928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 13:42 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\Registration
2013-11-29 13:40 - 2013-11-29 13:40 - 00000096 _____ C:\Users\User\Desktop\Neues Textdokument (2).txt
2013-11-29 13:33 - 2013-11-29 13:33 - 01959024 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-11-29 13:33 - 2013-11-29 13:33 - 00000000 ____D C:\FRST
2013-11-29 13:32 - 2013-11-29 13:32 - 01092049 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2013-11-29 13:30 - 2013-11-29 13:29 - 00000470 _____ C:\Users\User\Downloads\defogger_disable.log
2013-11-29 13:29 - 2013-11-29 13:29 - 00000000 _____ C:\Users\User\defogger_reenable
2013-11-29 13:28 - 2013-11-29 13:28 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2013-11-29 13:00 - 2013-11-29 13:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-29 12:45 - 2013-11-29 12:45 - 00000000 ___HD C:\Users\User\AppData\Roaming\Gggprupelg
2013-11-29 12:11 - 2013-03-21 10:40 - 00000000 ___HD C:\ad9253aeb1dff86838fc874139ed6c3a
2013-11-29 11:46 - 2013-11-29 11:46 - 00001754 _____ C:\Windows\PFRO.log
2013-11-28 22:54 - 2013-06-11 13:03 - 00001680 _____ C:\Users\User\Desktop\debug.log
2013-11-28 22:54 - 2006-11-02 16:38 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-28 13:41 - 2013-11-28 13:41 - 00049168 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 17:10 - 2013-05-15 20:40 - 00000000 ____D C:\ProgramData\Baidu
2013-11-26 13:27 - 2013-11-26 13:28 - 00041696 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kpackflt64.sys
2013-11-26 13:27 - 2013-11-26 13:28 - 00031896 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kpackflt.sys
2013-11-23 19:12 - 2013-10-26 17:45 - 00000073 _____ C:\ProgramData\Update.ini
2013-11-22 14:34 - 2013-05-15 20:40 - 00000000 ____D C:\baidu player
2013-11-19 17:22 - 2013-08-03 12:27 - 00001862 _____ C:\Users\Public\Desktop\腾讯视频.lnk
2013-11-19 12:46 - 2013-11-19 12:46 - 00000000 _____ C:\Users\User\Desktop\QQBrowser.lnk
2013-11-19 12:46 - 2013-04-04 19:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent
2013-11-19 12:46 - 2013-03-21 10:36 - 00000000 ____D C:\Program Files (x86)\Tencent
2013-11-16 18:12 - 2013-03-21 14:01 - 00002029 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-16 00:08 - 2013-09-15 19:38 - 00000000 ____D C:\FunshionMedia
2013-11-15 14:28 - 2013-06-02 19:03 - 00000911 _____ C:\Users\User\AppData\Roaming\coreavc.ini
2013-11-14 18:01 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\rescache
2013-11-14 17:23 - 2013-08-16 10:18 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 17:20 - 2006-11-02 13:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-14 11:20 - 2013-06-07 18:02 - 00224824 _____ (Tencent) C:\Windows\SysWOW64\MMInstaller.dll
2013-11-13 18:48 - 2013-11-13 18:43 - 07343752 _____ (北京风行在线技术有限公司) C:\Users\User\Documents\FunshionInstall_C171939.exe
2013-11-13 14:48 - 2013-11-13 14:48 - 01071328 _____ (Solid State Networks) C:\Users\User\Downloads\install_reader10_de_mssa_aaa_aih (1).exe
2013-11-13 14:35 - 2013-11-13 14:34 - 01071328 _____ (Solid State Networks) C:\Users\User\Downloads\install_reader10_de_mssa_aaa_aih.exe
2013-11-11 05:50 - 2013-03-21 10:13 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 13:47 - 2013-03-21 10:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Tencent
2013-11-08 13:47 - 2013-02-01 01:13 - 00000000 ____D C:\Windows\Panther
2013-11-05 13:32 - 2013-11-26 14:18 - 00169800 _____ (Baidu) C:\Windows\system32\Drivers\bd0004.sys
2013-11-05 13:32 - 2013-11-26 14:18 - 00099144 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
2013-11-05 13:32 - 2013-11-26 14:18 - 00039240 _____ (Baidu) C:\Windows\system32\bd64_x64.dll
2013-11-05 13:32 - 2013-11-26 14:18 - 00027976 _____ (Baidu) C:\Windows\system32\bd64_x86.dll
2013-11-04 21:47 - 2013-11-04 21:47 - 00000000 ____D C:\ProgramData\kantu
2013-11-04 17:33 - 2013-11-02 19:11 - 00224056 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kisknl.sys
2013-11-03 13:14 - 2013-11-03 13:14 - 00001123 _____ C:\Users\Public\Desktop\BaiduPlayer.lnk
2013-11-03 13:14 - 2013-04-03 16:18 - 00000000 ____D C:\Users\User\AppData\Roaming\baidu
2013-11-03 13:13 - 2013-05-15 20:45 - 00000000 ____D C:\baidu download
2013-11-03 13:13 - 2013-05-15 20:44 - 00000598 _____ C:\Windows\SysWOW64\bdsecushr.dat
2013-11-03 12:59 - 2013-11-03 12:59 - 00002016 _____ C:\Users\Public\Desktop\影视大全.lnk
2013-11-02 19:13 - 2013-06-06 20:46 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2013-11-02 19:12 - 2013-11-02 19:12 - 00000000 ____D C:\Users\User\AppData\Roaming\shoujizhushou
2013-11-02 19:12 - 2013-03-21 10:37 - 00000000 ____D C:\Program Files\TENCENT
2013-11-02 19:11 - 2013-11-02 19:11 - 00223032 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kisknl64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00153912 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kdhacker64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00101176 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kdhacker.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00084840 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00057192 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00031848 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kavbootc64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00028520 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kavbootc.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00024472 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\bc.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00019352 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksskrpr.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00018296 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kusbquery64.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00014200 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kusbquery.sys
2013-11-02 19:11 - 2013-11-02 19:11 - 00000946 _____ C:\Users\Public\Desktop\新毒霸.lnk
2013-11-02 19:11 - 2013-03-21 10:41 - 00000000 ____D C:\Program Files (x86)\Kingsoft
2013-11-02 19:10 - 2013-11-02 19:10 - 00000000 ____D C:\Program Files (x86)\QQMailPlugin
2013-11-02 19:06 - 2013-08-22 12:51 - 00002148 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度浏览器.lnk
2013-11-02 19:06 - 2013-06-07 18:27 - 00002130 _____ C:\Users\User\Desktop\百度浏览器.lnk
2013-11-02 12:49 - 2013-11-02 12:49 - 00007176 _____ C:\Users\User\Downloads\Widerruf des Abschlusses des GMX TopMail-Vertrags (Testphase).html
2013-11-02 12:27 - 2013-11-02 12:27 - 00000000 _____ C:\Users\User\Desktop\Neues Textdokument.txt
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-29 13:55
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- |
|
29.11.2013, 14:54
| #2 | |
| /// the machine /// TB-Ausbilder    | E-mail mit Mahnung von einem Anwalt über eine unbekannte Bestellung Hi,
__________________ja war es. Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
