
Log analysis and evaluation: cmd.exe

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.07.2013, 12:38   #1
Taichang

Dear helpers,
since yesterday I can't use Windows 7 on my PC. After I log in to Windows, a black screen comes up showing ''cmd.exe'', and I have been looking for answers ever since. I have also already scanned with frst.exe. Below I also have the FRST logfile:

26.07.2013, 13:13   #2
schrauber
/// the machine
/// TB trainer

hi,

Here is how it works:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles in a CODE box, proceed as follows:
  • Select the entire logfile (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

26.07.2013, 13:36   #3
Taichang

OK, thanks. I'll try it:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2013
Ran by SYSTEM on 26-07-2013 12:09:37
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe [304464 2010-02-14] (BullGuard Ltd.)
HKLM\...\Run: [KSafeTray] - C:\Program Files\Kingsoft\KSafe\KSafeTray.exe [75208 2012-09-22] (Kingsoft Corporation)
HKLM\...\Run: [kxesc] - C:\Program Files\Kingsoft\Kingsoft Antivirus\kxetray.exe [1306784 2013-07-12] (Kingsoft Corporation)
HKLM\...\Run: [EPSON Stylus DX4200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_SB0AB.tmp" /EF "HKLM" [x]
HKLM\...\Run: [EPSON Stylus DX4200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_S84A9.tmp" /EF "HKLM" [x]
HKLM\...\Run: [ QQPCTray] - C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\QQPCTray.exe [1009816 2013-03-21] (Tencent)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Default\...\RunOnce: [SetScreenSaver] - C:\Windows\System32\oobe\info\SetScreenSaver.lnk [ 2003-09-28] ()
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [SetScreenSaver] - C:\Windows\System32\oobe\info\SetScreenSaver.lnk [ 2003-09-28] ()
HKU\***\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [ 2010-02-14] (BullGuard Ltd.)
HKU\***\...\Run: [] -  [x]
HKU\***\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 

========================== Services (Whitelisted) =================

S3 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S3 BBDemon; C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [49152 2006-04-29] (Dassault Systemes)
S3 BgLiveSvc; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [304464 2010-02-14] (BullGuard Ltd.)
S2 BgMainSvc; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [79184 2010-02-14] (BullGuard Ltd.)
S2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [132432 2009-04-06] (BullGuard Ltd.)
S2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [333136 2009-04-06] (BullGuard Ltd.)
S2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll [87376 2009-04-16] (BullGuard Ltd.)
S3 C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [54784 2012-09-26] (Macrovision)
S3 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 gupdate1ca7a6cbf174a23; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-12-11] (Google Inc.)
S3 HZ_CommSrv; C:\Windows\system32\HZ_CommSrv.exe [15536 2009-11-15] (华大智宝电子系统有限公司)
S2 Kingsoft Antivirus WebShield Service; C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\KSWebShield.exe [394648 2011-05-30] (Kingsoft Corporation)
S2 knbcenter; C:\Users\Taichang\AppData\Local\liebao\LBBrowser\knbcenter.exe [456544 2013-07-03] (Kingsoft Corporation)
S2 KSafeSvc; C:\Program Files\Kingsoft\KSafe\KSafeSvc.exe [230856 2012-09-22] (Kingsoft Corporation)
S2 kxescore; C:\Program Files\Kingsoft\Kingsoft Antivirus\kxescore.exe [168784 2013-06-12] (Kingsoft Corporation)
S3 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 QDeskSvc; C:\Program Files\Tencent\QDesk\updater.exe [406904 2012-03-08] (Tencent)
S2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\QQPCRtp.exe [806920 2013-03-21] (Tencent)
S3 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-02-25] ()
S3 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone)
S3 WDMonitorCCB; C:\Windows\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe [57344 2010-10-12] ( Beijing WatchData System Co., Ltd.)

==================== Drivers (Whitelisted) ====================

S1 afw; C:\Windows\System32\DRIVERS\afw.sys [29208 2009-03-23] (Agnitum Ltd.)
S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [305688 2009-03-23] (Agnitum Ltd.)
S0 BC; C:\Windows\System32\Drivers\BC.sys [24472 2010-11-06] (Kingsoft Corporation)
S2 BdFileSpy; C:\Windows\system32\drivers\BdFileSpy.sys [55504 2009-01-23] (BullGuard Ltd.)
S2 CdaC15BA; C:\Windows\system32\drivers\CDAC15BA.SYS [12464 2012-09-26] (Macrovision Europe Ltd)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
S0 KAVBootC; C:\Windows\System32\drivers\KAVBootC.sys [27240 2012-11-24] (Kingsoft Corporation)
S1 KDHacker; C:\Program Files\Kingsoft\Kingsoft Antivirus\security\kxescan\kdhacker.sys [127992 2012-09-23] (Kingsoft Corporation)
S2 kisknl; C:\Windows\system32\drivers\kisknl.sys [182072 2013-06-12] (Kingsoft Corporation)
S1 kmodurl; C:\Program Files\Kingsoft\KSafe\kmodurl.sys [111048 2012-09-22] (Kingsoft Corporation)
S3 KNBDrv; C:\Windows\system32\drivers\KNBDrv.sys [104248 2013-07-03] (Kingsoft Corporation)
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [84328 2013-04-23] (Kingsoft Corporation)
S1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
S3 Profos; C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [14720 2009-12-10] (BitDefender S.R.L.)
S3 QMInject; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\QMInject.sys [43248 2013-03-21] ()
S1 QQProtect; C:\Windows\system32\drivers\QQProtect.sys [172728 2013-07-04] (Tencent)
S2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\QQSysMon.sys [74912 2013-03-21] (Tencent)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-12-10] (Duplex Secure Ltd.)
S1 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [123936 2013-04-01] (Tencent)
S4 TSCPM; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\tscpm.sys [37152 2013-03-21] (Tencent)
S1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [62176 2013-03-21] (Tencent)
S0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [93280 2013-03-21] (Tencent)
S1 TSKSP; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\TSKSP.sys [174560 2013-03-21] (Tencent)
S4 TSSysKit; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\TSSysKit.sys [95776 2013-03-21] (Tencent)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2012-06-23] (Texas Instruments)
S1 vmm; C:\Windows\system32\Drivers\vmm.sys [230248 2011-08-29] (Microsoft Corporation)
S3 cpuz132; \??\C:\Users\Taichang\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
S3 tcphoc; \??\C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.4.2104_2\Program\tcphoc.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 10:49 - 2013-07-26 10:49 - 00000000 ____D C:\FRST
2013-07-25 23:22 - 2013-07-25 23:22 - 01084740 _____ C:\Users\Taichang\AppData\Local\2433f433
2013-07-25 23:22 - 2013-07-25 23:22 - 01084700 _____ C:\Users\Taichang\AppData\Roaming\2433f433
2013-07-25 23:22 - 2013-07-25 23:22 - 01084683 _____ C:\ProgramData\2433f433
2013-07-25 18:04 - 2013-07-26 09:43 - 00000448 _____ C:\Windows\setupact.log
2013-07-25 18:04 - 2013-07-26 09:41 - 00003830 _____ C:\Windows\PFRO.log
2013-07-25 18:04 - 2013-07-25 18:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-18 20:51 - 2006-02-21 01:27 - 00081987 _____ (CANON INC.) C:\Windows\System32\AUCPLMNT.DLL
2013-07-18 20:50 - 2013-07-18 21:00 - 00000000 ____D C:\Program Files\Canon
2013-07-17 22:34 - 2013-07-17 22:34 - 00001217 _____ C:\Users\Taichang\Desktop\QQBrowser.lnk
2013-07-12 08:58 - 2013-07-12 08:58 - 00265408 _____ C:\Users\Taichang\Downloads\Nicht bestätigt 963620.crdownload
2013-07-12 07:42 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-12 07:42 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 20:29 - 2013-05-27 05:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-11 20:29 - 2013-05-27 04:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 20:28 - 2013-05-27 06:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 20:28 - 2013-05-27 06:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 20:28 - 2013-05-27 06:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-11 20:28 - 2013-05-27 05:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 20:28 - 2013-05-27 05:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 20:28 - 2013-05-27 05:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 20:27 - 2013-05-27 05:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 20:27 - 2013-05-27 05:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 20:27 - 2013-05-27 05:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 22:10 - 2013-06-05 04:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 21:59 - 2013-04-10 06:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 21:36 - 2013-07-13 17:13 - 00000000 ____D C:\Users\Taichang\Desktop\2013-07-10 Pass1
2013-07-03 15:58 - 2013-07-25 18:06 - 00000000 ____D C:\ProgramData\QMovie
2013-07-03 15:58 - 2013-07-03 15:58 - 00000000 _____ C:\Users\Public\Desktop\影视搜索.qvd
2013-07-02 22:37 - 2013-07-02 23:11 - 00000000 ____D C:\Users\Taichang\Desktop\2013-07-02 APP
2013-06-30 22:41 - 2013-07-20 22:18 - 00000954 _____ C:\Users\Taichang\AppData\Roaming\coreavc.ini
2013-06-29 21:52 - 2013-06-29 21:52 - 00000000 ____D C:\Users\Taichang\AppData\Local\idevice
2013-06-29 21:41 - 2013-06-29 21:41 - 00000000 ___HD C:\ProgramData\PPStreamSetupRes_198424

==================== One Month Modified Files and Folders =======

2013-07-26 10:49 - 2013-07-26 10:49 - 00000000 ____D C:\FRST
2013-07-26 09:43 - 2013-07-25 18:04 - 00000448 _____ C:\Windows\setupact.log
2013-07-26 09:43 - 2009-10-21 07:26 - 00000884 _____ C:\Windows\System32\config\afw_hm.conf
2013-07-26 09:43 - 2009-10-21 07:26 - 00000004 _____ C:\Windows\System32\config\afw_db.conf
2013-07-26 09:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-26 09:41 - 2013-07-25 18:04 - 00003830 _____ C:\Windows\PFRO.log
2013-07-26 00:36 - 2009-12-10 15:08 - 01259085 _____ C:\Windows\WindowsUpdate.log
2013-07-26 00:19 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 00:19 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 23:22 - 2013-07-25 23:22 - 01084740 _____ C:\Users\Taichang\AppData\Local\2433f433
2013-07-25 23:22 - 2013-07-25 23:22 - 01084700 _____ C:\Users\Taichang\AppData\Roaming\2433f433
2013-07-25 23:22 - 2013-07-25 23:22 - 01084683 _____ C:\ProgramData\2433f433
2013-07-25 21:47 - 2009-12-10 15:08 - 00000000 ___RD C:\Users\Taichang\Desktop
2013-07-25 18:09 - 2009-12-10 15:45 - 00000000 ____D C:\Users\Taichang\Documents\Tencent Files
2013-07-25 18:06 - 2013-07-03 15:58 - 00000000 ____D C:\ProgramData\QMovie
2013-07-25 18:04 - 2013-07-25 18:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 14:25 - 2010-10-13 21:42 - 00000000 ____D C:\ProgramData\KSafe
2013-07-20 22:31 - 2011-10-04 15:32 - 00000000 ____D C:\ProgramData\QvodPlayer
2013-07-20 22:18 - 2013-06-30 22:41 - 00000954 _____ C:\Users\Taichang\AppData\Roaming\coreavc.ini
2013-07-20 22:18 - 2011-10-04 15:32 - 00000000 ____D C:\Media
2013-07-19 09:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-07-18 21:00 - 2013-07-18 20:50 - 00000000 ____D C:\Program Files\Canon
2013-07-18 20:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-07-17 22:34 - 2013-07-17 22:34 - 00001217 _____ C:\Users\Taichang\Desktop\QQBrowser.lnk
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-07-16 22:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-07-15 20:25 - 2009-12-10 16:21 - 00000000 ____D C:\Users\Taichang\AppData\Local\Adobe
2013-07-15 20:23 - 2012-03-31 15:58 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-07-15 20:23 - 2011-10-10 19:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-07-14 21:43 - 2009-12-21 14:31 - 00000000 ____D C:\Windows\Minidump
2013-07-14 19:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-13 17:13 - 2013-07-10 21:36 - 00000000 ____D C:\Users\Taichang\Desktop\2013-07-10 Pass1
2013-07-12 10:02 - 2013-05-25 14:52 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Ixteo
2013-07-12 10:02 - 2013-05-04 22:46 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Amwita
2013-07-12 10:02 - 2012-04-25 21:43 - 00000000 ____D C:\Program Files\Free PDF to Word Doc Converter
2013-07-12 09:40 - 2009-12-10 18:02 - 00000000 __RHD C:\KRECYCLE
2013-07-12 08:58 - 2013-07-12 08:58 - 00265408 _____ C:\Users\Taichang\Downloads\Nicht bestätigt 963620.crdownload
2013-07-11 20:02 - 2009-09-29 07:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 23:51 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 23:48 - 2009-09-29 04:58 - 01636108 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-10 23:47 - 2009-09-29 07:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 23:35 - 2009-10-14 10:38 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 22:59 - 2009-07-14 09:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:43 - 2009-07-14 05:33 - 03970128 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 22:11 - 2009-12-27 20:42 - 00000000 ____D C:\Users\Taichang\Desktop\娱乐
2013-07-08 13:03 - 2009-12-15 18:03 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\PPStream
2013-07-07 06:29 - 2013-05-02 20:08 - 00024064 _____ C:\Users\Taichang\Desktop\服事表.xls
2013-07-04 21:05 - 2013-01-01 22:02 - 00172728 _____ (Tencent) C:\Windows\System32\Drivers\QQProtect.sys
2013-07-03 17:03 - 2013-03-19 21:30 - 00104248 _____ (Kingsoft Corporation) C:\Windows\System32\Drivers\knbdrv.sys
2013-07-03 16:06 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-03 16:04 - 2012-10-24 18:34 - 00000000 ____D C:\Users\Taichang\AppData\Local\liebao
2013-07-03 16:03 - 2012-10-24 18:35 - 00001152 _____ C:\Users\Taichang\Desktop\猎豹浏览器.lnk
2013-07-03 16:02 - 2013-03-19 21:30 - 00090936 _____ (Kingsoft Corporation) C:\Windows\System32\Drivers\KNBDrv64.sys
2013-07-03 16:01 - 2011-10-04 15:32 - 00000000 ____D C:\Program Files\QvodPlayer
2013-07-03 15:58 - 2013-07-03 15:58 - 00000000 _____ C:\Users\Public\Desktop\影视搜索.qvd
2013-07-03 15:58 - 2012-09-29 21:16 - 00000000 ____D C:\Program Files\QMovie
2013-07-02 23:11 - 2013-07-02 22:37 - 00000000 ____D C:\Users\Taichang\Desktop\2013-07-02 APP
2013-07-01 21:56 - 2013-05-09 08:33 - 00000000 ____D C:\Users\Taichang\Desktop\2013-05-09 APP
2013-07-01 20:46 - 2013-06-12 20:30 - 00000016 _____ C:\Users\Taichang\Desktop\39420.txt
2013-06-30 21:29 - 2013-02-08 10:23 - 00000000 ____D C:\ppsvodcache
2013-06-29 21:52 - 2013-06-29 21:52 - 00000000 ____D C:\Users\Taichang\AppData\Local\idevice
2013-06-29 21:52 - 2009-12-15 18:03 - 00000000 ____D C:\Program Files\PPStream
2013-06-29 21:41 - 2013-06-29 21:41 - 00000000 ___HD C:\ProgramData\PPStreamSetupRes_198424

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-440308454-176116510-3628090066-1000\$c052fbe0589630756167858c02e5ffc7

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\Taichang\0.351514327170817.exe
C:\ProgramData\8ghw.pad
C:\ProgramData\kp_0loor.pad
C:\ProgramData\oololot.pad
C:\ProgramData\piz_0ef.pad
C:\ProgramData\tololoo.dat
C:\ProgramData\to_r0tsef.pad
C:\ProgramData\whg8.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-10 21:44:50
Restore point made on: 2013-07-10 21:58:35
Restore point made on: 2013-07-10 22:09:39
Restore point made on: 2013-07-10 22:22:47
Restore point made on: 2013-07-10 22:36:33
Restore point made on: 2013-07-10 22:57:33
Restore point made on: 2013-07-10 23:10:05
Restore point made on: 2013-07-10 23:26:11
Restore point made on: 2013-07-10 23:27:32
Restore point made on: 2013-07-11 20:26:15
Restore point made on: 2013-07-12 07:36:30
Restore point made on: 2013-07-12 23:03:27
Restore point made on: 2013-07-16 13:33:58
Restore point made on: 2013-07-16 15:27:09
Restore point made on: 2013-07-20 17:56:27
Restore point made on: 2013-07-23 21:39:55

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4028.88 MB
Available physical RAM: 3482.05 MB
Total Pagefile: 4027.15 MB
Available Pagefile: 3490.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.51 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:324.08 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:25.49 GB) NTFS
Drive g: (Memory card) (Removable) (Total:0.96 GB) (Free:0.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 983 MB) (Disk ID: FFFFFFFF)
No partition Table on disk 1.


LastRegBack: 2013-07-24 11:34

==================== End Of Log ============================
         

26.07.2013, 14:32   #4
schrauber
/// the machine
/// TB trainer

Please press the Windows key + R and type notepad in the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\***\...\Run: [] -  [x]
HKU\***\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
2013-07-25 23:22 - 2013-07-25 23:22 - 01084740 _____ C:\Users\Taichang\AppData\Local\2433f433
2013-07-25 23:22 - 2013-07-25 23:22 - 01084700 _____ C:\Users\Taichang\AppData\Roaming\2433f433
2013-07-25 23:22 - 2013-07-25 23:22 - 01084683 _____ C:\ProgramData\2433f433
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-440308454-176116510-3628090066-1000\$c052fbe0589630756167858c02e5ffc7
C:\ProgramData\rundll32.exe
C:\Users\Taichang\0.351514327170817.exe
C:\ProgramData\8ghw.pad
C:\ProgramData\kp_0loor.pad
C:\ProgramData\oololot.pad
C:\ProgramData\piz_0ef.pad
C:\ProgramData\tololoo.dat
C:\ProgramData\to_r0tsef.pad
C:\ProgramData\whg8.dat
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Reboot, enjoy
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.07.2013, 15:09   #5
Taichang

Thank you very much, I can get into Windows now!!!!
Code:
ix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-07-2013
Ran by SYSTEM at 2013-07-26 15:56:55 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

HKU\Taichang\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\Taichang\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Taichang\AppData\Local\2433f433 => Moved successfully.
C:\Users\Taichang\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433  => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-440308454-176116510-3628090066-1000\$c052fbe0589630756167858c02e5ffc7 => Moved successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\Users\Taichang\0.351514327170817.exe => Moved successfully.
C:\ProgramData\8ghw.pad => Moved successfully.
C:\ProgramData\kp_0loor.pad => Moved successfully.
C:\ProgramData\oololot.pad => Moved successfully.
C:\ProgramData\piz_0ef.pad => Moved successfully.
C:\ProgramData\tololoo.dat => Moved successfully.
C:\ProgramData\to_r0tsef.pad => Moved successfully.
C:\ProgramData\whg8.dat => Moved successfully.

==== End of Fixlog ====
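
The scan in this thread shows a per-user Winlogon `Shell` value set to `cmd.exe`, which replaces the normal `explorer.exe` shell at logon, and the Fixlog then reports the outcome of each Fixlist entry. The following is an added example, not part of the original posts and not FRST's own code: it flags a Shell override in FRST.txt lines and checks that every Fixlist entry has a success line in the Fixlog. The function names are hypothetical and the sample lines are copied from the logs above.

```python
import re

# FRST.txt registry line, e.g.
#   HKU\***\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
REG_LINE = re.compile(
    r'^(?P<hive>HK[^:]*?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$')

# Sample input: a subset of lines copied from the logs posted in this thread.
FRST_LINES = [
    r'HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)',
    r'HKU\***\...\Run: [] -  [x]',
    r'HKU\***\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION',
]
FIXLIST = [
    r'HKU\***\...\Run: [] -  [x]',
    r'HKU\***\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION',
    r'C:\Users\Taichang\AppData\Local\2433f433',
    r'C:\ProgramData\2433f433',
    'ZeroAccess:',
    r'C:\$Recycle.Bin\S-1-5-21-440308454-176116510-3628090066-1000\$c052fbe0589630756167858c02e5ffc7',
    r'C:\ProgramData\rundll32.exe',
]
FIXLOG = [
    r'HKU\Taichang\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.',
    r'HKU\Taichang\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.',
    r'C:\Users\Taichang\AppData\Local\2433f433 => Moved successfully.',
    r'C:\ProgramData\2433f433  => Moved successfully.',
    r'C:\$Recycle.Bin\S-1-5-21-440308454-176116510-3628090066-1000\$c052fbe0589630756167858c02e5ffc7 => Moved successfully.',
    r'C:\ProgramData\rundll32.exe => Moved successfully.',
]


def shell_overrides(frst_lines, expected="explorer.exe"):
    """Return (hive, command) for every Winlogon Shell value that is not the
    expected shell. The machine-wide default is explorer.exe; a per-user value
    takes precedence over it for that user."""
    hits = []
    for line in frst_lines:
        m = REG_LINE.match(line.strip())
        if not m or m["key"] != "Winlogon" or m["name"] != "Shell":
            continue
        # The command is everything before FRST's "[size date]" annotation.
        command = m["rest"].split(" [", 1)[0].strip()
        if command.lower() != expected:
            hits.append((m["hive"], command))
    return hits


def unconfirmed(fixlist, fixlog):
    """Return the Fixlist entries that have no '... successfully.' line in the Fixlog."""
    done = set()
    for line in fixlog:
        target, sep, result = line.partition("=>")
        if sep and result.strip().endswith("successfully."):
            done.add(target.strip().lower())

    missing = []
    for entry in fixlist:
        entry = entry.strip()
        m = REG_LINE.match(entry)
        if m:
            # FRST.txt abbreviates the key path with "..."; the Fixlog spells it
            # out and ends it with "\<key>\\<value name>". Matching on that
            # suffix is a heuristic chosen for this example.
            suffix = ("\\%s\\\\%s" % (m["key"], m["name"])).lower()
            ok = any(t.endswith(suffix) for t in done)
        elif re.match(r'^[A-Za-z]:\\', entry):
            ok = entry.lower() in done   # file or folder path
        else:
            continue                     # section label such as "ZeroAccess:"
        if not ok:
            missing.append(entry)
    return missing


if __name__ == "__main__":
    for hive, command in shell_overrides(FRST_LINES):
        print("Shell override under %s: %s" % (hive, command))
    print("Unconfirmed Fixlist entries:", unconfirmed(FIXLIST, FIXLOG))
```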
         


27.07.2013, 10:33   #6
schrauber
/// the machine
/// TB trainer

hi,
Sorry for the delay, I'm laid up with flu and a fever.

From now on in normal Windows:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the logfile (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

27.07.2013, 14:17   #7
Taichang

Hi, get well soon!

I deleted with AdwCleaner. But after the restart the cmd.exe window appears again and runs through an endless number of access-denied file locations. It runs, runs and runs...
Should I just close the window?
Code:
# AdwCleaner v2.306 - Datei am 27/07/2013 um 14:01:54 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Taichang - TAICHANG-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Software\Trojaner-board\adwcleaner.exe
# Option [L?schen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gel?scht mit Neustart : C:\Program Files\Common Files\Tencent
Gel?scht mit Neustart : C:\Program Files\Tencent
Gel?scht mit Neustart : C:\ProgramData\Tencent
Gel?scht mit Neustart : C:\Users\Taichang\AppData\Roaming\Tencent

***** [Registrierungsdatenbank] *****

Schlüssel Gel?scht : HKCU\Software\TENCENT
Schlüssel Gel?scht : HKLM\Software\TENCENT

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.6.13 (de)

Datei : C:\Users\Taichang\AppData\Roaming\Mozilla\Firefox\Profiles\10beh22s.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Taichang\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [36633 octets] - [27/07/2013 13:36:46]
AdwCleaner[S2].txt - [380 octets] - [27/07/2013 14:01:08]
AdwCleaner[S3].txt - [1329 octets] - [27/07/2013 14:01:54]

########## EOF - C:\AdwCleaner[S3].txt - [1389 octets] ##########
         

27.07.2013, 18:00   #8
schrauber
/// the machine
/// TB trainer

Go ahead and do the rest of the instructions. And please show me a screenshot of the window.

27.07.2013, 20:01   #9
Taichang

Dear Schrauber,
I have the JRT now!!!
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Home Premium x86
Ran by Taichang on 27.07.2013 at 20:47:32,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-440308454-176116510-3628090066-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubar.tool
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubar.tool.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarex.bdhomepage
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarex.bdhomepage.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarex.bdhomepage.2
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarex.bdhomepage.3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarex.bdhomepage.4
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarex.bdhomepage.5
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarx.bandie
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarx.bandie.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarx.toolband
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\baidubarx.toolband.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\barbroker.bdbroker
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\barbroker.bdbroker.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{12CE0250-71FA-48B7-B0FF-6DD6675C76D3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{44177982-996D-4b79-B29F-5B60E13A5169}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C7C23EF-A848-485B-873C-0ED954731014}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\tencent"
Failed to delete: [Folder] "C:\ProgramData\application data\tencent"
Failed to delete: [Folder] "C:\Users\Taichang\AppData\Roaming\tencent"
Failed to delete: [Folder] "C:\Program Files\tencent"
Successfully deleted: [Empty Folder] C:\Users\Taichang\appdata\local\{C80E05D4-1CEC-4BE6-A293-ABE3160F1B46}
Successfully deleted: [Empty Folder] C:\Users\Taichang\appdata\local\{EE2BD650-95D7-44B8-9C5A-6C35C2BE683D}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.07.2013 at 20:54:54,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

28.07.2013, 07:10   #10
schrauber
/// the machine
/// TB-Ausbilder

FRST and the screenshot are still missing.

29.07.2013, 22:03   #11
Taichang

Sorry that it took a while, but is everything going well for you with the flu and fever?

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2013
Ran by Taichang (administrator) on 29-07-2013 22:01:20
Running from C:\Users\Taichang\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe [304464 2010-02-14] (BullGuard Ltd.)
HKLM\...\Run: [KSafeTray] - C:\Program Files\Kingsoft\KSafe\KSafeTray.exe [75208 2012-09-22] (Kingsoft Corporation)
HKLM\...\Run: [kxesc] - C:\Program Files\Kingsoft\Kingsoft Antivirus\kxetray.exe [2100384 2013-07-26] (Kingsoft Corporation)
HKLM\...\Run: [EPSON Stylus DX4200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_SB0AB.tmp" /EF "HKLM" [x]
HKLM\...\Run: [EPSON Stylus DX4200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_S84A9.tmp" /EF "HKLM" [x]
HKLM\...\Run: [ QQPCTray] - C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\QQPCTray.exe [1009816 2013-03-21] (Tencent)
HKCU\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [304464 2010-02-14] (BullGuard Ltd.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKCU\...\Run: [Nopys] - C:\Users\Taichang\AppData\Roaming\Veguhy\kygoe.exe [300544 2013-06-10] (IBM Corporation and others)
MountPoints2: {4ebdb5c1-61e0-11df-95fa-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {4ebdb5cd-61e0-11df-95fa-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {4ebdb679-61e0-11df-95fa-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {4ebdb67b-61e0-11df-95fa-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {cb08fa5f-7000-11e1-9dc4-002220086620} - G:\Setup.exe
MountPoints2: {d0e598ba-7f25-11e0-9c25-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {d0e598bd-7f25-11e0-9c25-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {d0e598c5-7f25-11e0-9c25-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {eb129050-6abd-11e0-8355-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {eb129052-6abd-11e0-8355-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {eb12906d-6abd-11e0-8355-002220086620} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Default\...\RunOnce: [SetScreenSaver] - C:\Windows\System32\oobe\info\SetScreenSaver.lnk [ 2003-09-28] ()
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [SetScreenSaver] - C:\Windows\System32\oobe\info\SetScreenSaver.lnk [ 2003-09-28] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {E8981D79-2146-48BC-8F69-3483DB12612B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} -  No File
BHO: EyeOnIE Class - {20E1725C-7237-41A9-954A-04DCCB1FD16C} - C:\Program Files\Baofeng\StormPlayer\MediaLibraryIcon.dll (北京暴风科技股份有限公司)
BHO: SOSO工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll No File
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: CSohuDetector Object - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - C:\Program Files\搜狐影音\SoHuAutoDetector.dll (Sohu)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\Program Files\Kuaiwan\QvodGameExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.90.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - SOSO工具栏 - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} -  No File
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -No Name - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} -  No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} -  No File
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {DD5BF6D1-6663-47E0-9DFA-5C343CAF178E} hxxp://xmp.down.sandai.net/kankan/xinstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} hxxp://download.pplive.com/config/pplite/pluginsetup.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 09 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 10 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Winsock: Catalog9 21 C:\Windows\system32\BGLsp.dll [87376] (BullGuard Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Taichang\AppData\Roaming\Mozilla\Firefox\Profiles\10beh22s.default
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://de.msn.com/?pc=UP21&ocid=UP21DHP&dt=031713
FF NetworkProxy: "type", 4
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=031713&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @kingsfot.com/npkws - C:\Program Files\Kingsoft\Kingsoft Antivirus\npkws.dll (Kingsoft Corporation)
FF Plugin: @kingsoft.com/npkvip - C:\Program Files\Kingsoft\Kingsoft Antivirus\npkvip.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pptv.com/plugin - C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF Plugin: @qq.com/npqscall - C:\Program Files\Common Files\Tencent\Npchrome\npactivex.dll No File
FF Plugin: @qq.com/npqscall,version=1.0.0 - %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
FF Plugin: @qq.com/QQlive - C:\Program Files\Tencent\QQLive\LiveOcx\npQQLive.dll No File
FF Plugin: @qq.com/QQPCMgr - C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\npQMExtensionsMozilla.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin: @qq.com/QQPhotoDrawEx - C:\Program Files\Tencent\Qzone\Ver_247.311\npQQPhotoDrawEx.dll No File
FF Plugin: @qq.com/QzoneMusic - C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll No File
FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.18\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare - C:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @sohu.com/npifox - C:\Program Files\搜狐影音\npifox.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @xunlei.com/DapCtrlPlugin - C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(852).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @qq.com/npQQAppAssistant - C:\Program Files\Common Files\QQAppAssistant\npQQAppAssistantExt.dll (腾讯公司)
FF Plugin HKCU: @qvod.com/QvodInsert - C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Taichang\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Taichang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: kuaikuai.cn/kkbrowseraddin - C:\Program Files\duowan\gamebox\npkkbrowseraddin.dll (广州华多网络科技有限公司)
FF Plugin HKCU: KuaiWanInsert - C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: kwcheck - C:\Program Files\Kuaiwan\npKWCheck.dll (Shenzhen QVOD Technology Co.,Ltd)
FF SearchPlugin: C:\Users\Taichang\AppData\Roaming\Mozilla\Firefox\Profiles\10beh22s.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Taichang\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: No Name - C:\Users\Taichang\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF HKLM\...\Firefox\Extensions: [fe_3.6@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
FF HKLM\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF Extension: BullGuard Spamfilter - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

Chrome: 
=======
CHR Extension: (CoolGame) - C:\Users\Taichang\AppData\Local\Google\Chrome\User Data\Default\Extensions\baplkljfcmjejgfabcnlhmijheiahekl\1.0.0.1_0
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM\...\Chrome\Extension: [jkkmokahijljipljmancfingmjemnkge] - C:\Program Files\Kingsoft\Kingsoft Antivirus\npkws.crx
CHR HKLM\...\Chrome\Extension: [joinpgckiioeklibflapokicmndlcnef] - C:\Program Files\Youdao\YoudaoNote\YoudaoNote-chrome.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

========================== Services (Whitelisted) =================

S3 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S3 BBDemon; C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [49152 2006-04-29] (Dassault Systemes)
S3 BgLiveSvc; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [304464 2010-02-14] (BullGuard Ltd.)
R2 BgMainSvc; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [79184 2010-02-14] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [132432 2009-04-06] (BullGuard Ltd.)
R2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [333136 2009-04-06] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll [87376 2009-04-16] (BullGuard Ltd.)
S3 C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [54784 2012-09-26] (Macrovision)
S3 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 gupdate1ca7a6cbf174a23; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-12-11] (Google Inc.)
S3 HZ_CommSrv; C:\Windows\system32\HZ_CommSrv.exe [15536 2009-11-15] (华大智宝电子系统有限公司)
R2 Kingsoft Antivirus WebShield Service; C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\KSWebShield.exe [394648 2011-05-30] (Kingsoft Corporation)
R2 knbcenter; C:\Users\Taichang\AppData\Local\liebao\LBBrowser\knbcenter.exe [456544 2013-07-03] (Kingsoft Corporation)
S2 KSafeSvc; C:\Program Files\Kingsoft\KSafe\KSafeSvc.exe [230856 2012-09-22] (Kingsoft Corporation)
R2 kxescore; C:\Program Files\Kingsoft\Kingsoft Antivirus\kxescore.exe [168784 2013-07-26] (Kingsoft Corporation)
S3 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\QQPCRtp.exe [806920 2013-03-21] (Tencent)
S3 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-02-25] ()
R2 TBUpdate; C:\Program Files\Tencent\barupdate\TBUpdate.exe [407392 2013-07-25] (Tencent)
S3 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone)
S3 WDMonitorCCB; C:\Windows\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe [57344 2010-10-12] ( Beijing WatchData System Co., Ltd.)
S3 QDeskSvc; C:\Program Files\Tencent\QDesk\updater.exe /service_run [x]

==================== Drivers (Whitelisted) ====================

R1 afw; C:\Windows\System32\DRIVERS\afw.sys [29208 2009-03-23] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [305688 2009-03-23] (Agnitum Ltd.)
S0 BC; C:\Windows\System32\Drivers\BC.sys [24472 2010-11-06] (Kingsoft Corporation)
R2 BdFileSpy; C:\Windows\system32\drivers\BdFileSpy.sys [55504 2009-01-23] (BullGuard Ltd.)
R2 CdaC15BA; C:\Windows\system32\drivers\CDAC15BA.SYS [12464 2012-09-26] (Macrovision Europe Ltd)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R0 KAVBootC; C:\Windows\System32\drivers\KAVBootC.sys [27240 2012-11-24] (Kingsoft Corporation)
R1 KDHacker; C:\Program Files\Kingsoft\Kingsoft Antivirus\security\kxescan\kdhacker.sys [101176 2013-07-26] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [191288 2013-07-26] (Kingsoft Corporation)
R1 kmodurl; C:\Program Files\Kingsoft\KSafe\kmodurl.sys [111048 2012-09-22] (Kingsoft Corporation)
R3 KNBDrv; C:\Windows\system32\drivers\KNBDrv.sys [104248 2013-07-03] (Kingsoft Corporation)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [84328 2013-04-24] (Kingsoft Corporation)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
S3 Profos; C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [14720 2009-12-10] (BitDefender S.R.L.)
R1 QQProtect; C:\Windows\system32\drivers\QQProtect.sys [172728 2013-07-18] (Tencent)
R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\QQSysMon.sys [74912 2013-03-21] (Tencent)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-07-27] (Duplex Secure Ltd.)
R3 TcHardWare; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\QQPCHW.sys [35544 2013-03-21] (Tencent)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [123936 2013-04-01] (Tencent)
R1 TSCPM; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\tscpm.sys [37152 2013-03-21] (Tencent)
R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [62176 2013-03-21] (Tencent)
R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [93280 2013-03-21] (Tencent)
R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\TSKSP.sys [174560 2013-03-21] (Tencent)
R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\7.6.8696.225\TSSysKit.sys [95776 2013-03-21] (Tencent)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2012-06-23] (Texas Instruments)
R1 vmm; C:\Windows\system32\Drivers\vmm.sys [230248 2011-08-29] (Microsoft Corporation)
U3 avrmgdef; C:\Windows\System32\Drivers\avrmgdef.sys [0 ] (JMicron Technology Corporation)
S3 cpuz132; \??\C:\Users\Taichang\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
S3 tcphoc; \??\C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.4.2104_2\Program\tcphoc.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 22:01 - 2013-07-26 10:17 - 01220112 _____ (Farbar) C:\Users\Taichang\Desktop\FRST.exe
2013-07-29 22:00 - 2013-07-29 22:00 - 00002012 _____ C:\Users\Taichang\Desktop\JRT.txt
2013-07-29 21:52 - 2013-07-27 20:35 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Taichang\Desktop\JRT.exe
2013-07-29 21:30 - 2013-07-29 21:31 - 00001986 _____ C:\AdwCleaner[S4].txt
2013-07-27 23:59 - 2013-07-27 23:59 - 350289792 _____ C:\Windows\MEMORY.DMP
2013-07-27 23:59 - 2013-07-27 23:59 - 00146456 _____ C:\Windows\Minidump\072713-22978-01.dmp
2013-07-27 23:48 - 2013-07-27 23:47 - 00067072 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Taichang\AppData\Roaming\ie_util.exe
2013-07-27 23:46 - 2013-07-29 06:29 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Poofy
2013-07-27 23:46 - 2013-07-27 23:46 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Veguhy
2013-07-27 23:46 - 2013-07-27 23:46 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Okne
2013-07-27 22:59 - 2013-07-27 22:59 - 00000000 ____D C:\Users\Taichang\AppData\Local\Unity
2013-07-27 22:55 - 2013-07-27 22:55 - 00001130 _____ C:\Users\Taichang\Desktop\腾讯TT.lnk
2013-07-27 22:43 - 2013-07-27 22:43 - 00000000 ____D C:\Users\Taichang\Documents\暴风影视库
2013-07-27 22:43 - 2013-07-27 22:43 - 00000000 ____D C:\ProgramData\Persist
2013-07-27 22:43 - 2013-07-27 22:43 - 00000000 ____D C:\ProgramData\Baofeng
2013-07-27 22:43 - 2013-07-27 22:43 - 00000000 ____D C:\Program Files\Baofeng
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\快快游戏
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\duowan
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Program Files\duowan
2013-07-27 22:40 - 2013-07-27 22:40 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\傲游云浏览器
2013-07-27 22:19 - 2013-07-27 23:54 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-07-27 22:19 - 2013-07-27 22:19 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\TuneUp Software
2013-07-27 22:18 - 2013-07-27 22:19 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-27 22:18 - 2013-07-27 22:18 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-27 22:17 - 2013-07-27 22:17 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-07-27 22:09 - 2013-07-27 22:09 - 00000000 ___HD C:\32f1e0386078948ca68e1ee8fddfc253
2013-07-27 21:31 - 2013-07-27 21:31 - 00002176 _____ C:\Users\Public\Desktop\腾讯QQ.lnk
2013-07-27 21:25 - 2013-07-27 21:25 - 00000000 ____D C:\Users\Taichang\AppData\Local\Temp尰
2013-07-27 20:39 - 2013-07-27 20:39 - 00000000 ____D C:\Windows\ERUNT
2013-07-27 15:00 - 2013-07-27 15:00 - 00001458 _____ C:\Users\Taichang\Desktop\AdwCleaner[S3].txt
2013-07-27 14:52 - 2013-07-27 14:52 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\shoujizhushou
2013-07-27 14:01 - 2013-07-27 14:02 - 00001458 _____ C:\AdwCleaner[S3].txt
2013-07-27 14:01 - 2013-07-27 14:01 - 00000380 _____ C:\AdwCleaner[S2].txt
2013-07-27 13:36 - 2013-07-29 21:31 - 00000720 _____ C:\Windows\DeleteOnReboot.bat
2013-07-27 13:36 - 2013-07-27 13:38 - 00036633 _____ C:\AdwCleaner[S1].txt
2013-07-26 11:49 - 2013-07-26 11:49 - 00000000 ____D C:\FRST
2013-07-25 19:04 - 2013-07-29 21:39 - 00014590 _____ C:\Windows\PFRO.log
2013-07-25 19:04 - 2013-07-29 21:39 - 00001120 _____ C:\Windows\setupact.log
2013-07-25 19:04 - 2013-07-25 19:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-18 21:51 - 2006-02-21 02:27 - 00081987 _____ (CANON INC.) C:\Windows\system32\AUCPLMNT.DLL
2013-07-18 21:50 - 2013-07-18 22:00 - 00000000 ____D C:\Program Files\Canon
2013-07-17 13:07 - 2013-07-17 13:07 - 03159392 _____ (Tencent) C:\Windows\system32\QQPinyin.ime
2013-07-12 09:58 - 2013-07-12 09:58 - 00265408 _____ C:\Users\Taichang\Downloads\Nicht bestätigt 963620.crdownload
2013-07-12 08:42 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 08:42 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 21:29 - 2013-05-27 06:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 21:29 - 2013-05-27 05:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 21:28 - 2013-05-27 07:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 21:28 - 2013-05-27 07:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 21:28 - 2013-05-27 07:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 21:28 - 2013-05-27 06:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 21:28 - 2013-05-27 06:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 21:28 - 2013-05-27 06:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 21:27 - 2013-05-27 06:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 21:27 - 2013-05-27 06:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 21:27 - 2013-05-27 06:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 23:10 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 22:59 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 16:58 - 2013-07-27 22:25 - 00000000 ____D C:\ProgramData\QMovie
2013-07-03 16:58 - 2013-07-03 16:58 - 00001853 _____ C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\影视搜索.lnk
2013-07-02 23:37 - 2013-07-03 00:11 - 00000000 ____D C:\Users\Taichang\Desktop\2013-07-02 APP
2013-06-30 23:41 - 2013-07-20 23:18 - 00000954 _____ C:\Users\Taichang\AppData\Roaming\coreavc.ini
2013-06-29 22:52 - 2013-07-08 21:01 - 00000268 _____ C:\Windows\Tasks\PPSProtect.job
2013-06-29 22:52 - 2013-06-29 22:52 - 00000000 ____D C:\Users\Taichang\AppData\Local\idevice
2013-06-29 22:41 - 2013-06-29 22:41 - 00000000 ___HD C:\ProgramData\PPStreamSetupRes_198424

==================== One Month Modified Files and Folders =======

2013-07-29 22:01 - 2009-12-10 16:08 - 00000000 ___RD C:\Users\Taichang\Desktop
2013-07-29 22:00 - 2013-07-29 22:00 - 00002012 _____ C:\Users\Taichang\Desktop\JRT.txt
2013-07-29 21:55 - 2009-12-10 16:32 - 00000000 ____D C:\Program Files\Tencent
2013-07-29 21:54 - 2009-12-11 16:31 - 00000000 ____D C:\ProgramData\Tencent
2013-07-29 21:49 - 2009-12-11 16:33 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 21:49 - 2009-12-11 16:33 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-29 21:49 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 21:49 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 21:44 - 2009-12-10 16:32 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Tencent
2013-07-29 21:41 - 2009-12-10 16:08 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
2013-07-29 21:39 - 2013-07-25 19:04 - 00014590 _____ C:\Windows\PFRO.log
2013-07-29 21:39 - 2013-07-25 19:04 - 00001120 _____ C:\Windows\setupact.log
2013-07-29 21:39 - 2009-10-21 08:26 - 00000884 _____ C:\Windows\system32\config\afw_hm.conf
2013-07-29 21:39 - 2009-10-21 08:26 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2013-07-29 21:39 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 21:38 - 2009-12-10 16:08 - 01466131 _____ C:\Windows\WindowsUpdate.log
2013-07-29 21:31 - 2013-07-29 21:30 - 00001986 _____ C:\AdwCleaner[S4].txt
2013-07-29 21:31 - 2013-07-27 13:36 - 00000720 _____ C:\Windows\DeleteOnReboot.bat
2013-07-29 21:31 - 2009-12-10 16:46 - 00000000 ____D C:\Program Files\Common Files\Tencent
2013-07-29 06:29 - 2013-07-27 23:46 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Poofy
2013-07-28 21:38 - 2010-05-17 21:26 - 00000000 ____D C:\ProgramData\Norton
2013-07-28 21:25 - 2009-12-10 16:45 - 00000000 ____D C:\Users\Taichang\Documents\Tencent Files
2013-07-27 23:59 - 2013-07-27 23:59 - 350289792 _____ C:\Windows\MEMORY.DMP
2013-07-27 23:59 - 2013-07-27 23:59 - 00146456 _____ C:\Windows\Minidump\072713-22978-01.dmp
2013-07-27 23:59 - 2009-12-21 15:31 - 00000000 ____D C:\Windows\Minidump
2013-07-27 23:54 - 2013-07-27 22:19 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-07-27 23:47 - 2013-07-27 23:48 - 00067072 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Taichang\AppData\Roaming\ie_util.exe
2013-07-27 23:46 - 2013-07-27 23:46 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Veguhy
2013-07-27 23:46 - 2013-07-27 23:46 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Okne
2013-07-27 23:26 - 2009-12-11 16:29 - 00000000 ____D C:\Users\Taichang\Desktop\Internet
2013-07-27 23:26 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-27 22:59 - 2013-07-27 22:59 - 00000000 ____D C:\Users\Taichang\AppData\Local\Unity
2013-07-27 22:57 - 2009-12-10 16:36 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2013-07-27 22:55 - 2013-07-27 22:55 - 00001130 _____ C:\Users\Taichang\Desktop\腾讯TT.lnk
2013-07-27 22:55 - 2009-12-10 17:03 - 00001154 _____ C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\腾讯TT.lnk
2013-07-27 22:49 - 2009-12-27 21:42 - 00000000 ____D C:\Users\Taichang\Desktop\娱乐
2013-07-27 22:47 - 2010-05-20 22:50 - 00000000 ____D C:\Users\Taichang\Desktop\Bearbeitung
2013-07-27 22:43 - 2013-07-27 22:43 - 00000000 ____D C:\Users\Taichang\Documents\暴风影视库
2013-07-27 22:43 - 2013-07-27 22:43 - 00000000 ____D C:\ProgramData\Persist
2013-07-27 22:43 - 2013-07-27 22:43 - 00000000 ____D C:\ProgramData\Baofeng
2013-07-27 22:43 - 2013-07-27 22:43 - 00000000 ____D C:\Program Files\Baofeng
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\快快游戏
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\duowan
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Program Files\duowan
2013-07-27 22:41 - 2012-10-03 13:14 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Maxthon3
2013-07-27 22:40 - 2013-07-27 22:40 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\傲游云浏览器
2013-07-27 22:25 - 2013-07-03 16:58 - 00000000 ____D C:\ProgramData\QMovie
2013-07-27 22:19 - 2013-07-27 22:19 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\TuneUp Software
2013-07-27 22:19 - 2013-07-27 22:18 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-07-27 22:19 - 2009-12-11 00:10 - 00466008 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-07-27 22:18 - 2013-07-27 22:18 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-27 22:17 - 2013-07-27 22:17 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-07-27 22:09 - 2013-07-27 22:09 - 00000000 ___HD C:\32f1e0386078948ca68e1ee8fddfc253
2013-07-27 22:06 - 2009-12-10 16:46 - 00000000 ____D C:\Users\Public\Documents\Tencent
2013-07-27 21:31 - 2013-07-27 21:31 - 00002176 _____ C:\Users\Public\Desktop\腾讯QQ.lnk
2013-07-27 21:25 - 2013-07-27 21:25 - 00000000 ____D C:\Users\Taichang\AppData\Local\Temp尰
2013-07-27 21:25 - 2012-10-03 11:51 - 00000000 ____D C:\Program Files\搜狐影音
2013-07-27 20:39 - 2013-07-27 20:39 - 00000000 ____D C:\Windows\ERUNT
2013-07-27 20:35 - 2013-07-29 21:52 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Taichang\Desktop\JRT.exe
2013-07-27 15:00 - 2013-07-27 15:00 - 00001458 _____ C:\Users\Taichang\Desktop\AdwCleaner[S3].txt
2013-07-27 14:52 - 2013-07-27 14:52 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\shoujizhushou
2013-07-27 14:02 - 2013-07-27 14:01 - 00001458 _____ C:\AdwCleaner[S3].txt
2013-07-27 14:01 - 2013-07-27 14:01 - 00000380 _____ C:\AdwCleaner[S2].txt
2013-07-27 14:01 - 2009-12-10 19:01 - 00000000 ____D C:\ProgramData\Kingsoft
2013-07-27 13:38 - 2013-07-27 13:36 - 00036633 _____ C:\AdwCleaner[S1].txt
2013-07-27 13:38 - 2009-12-11 01:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-27 12:12 - 2010-05-20 22:52 - 00000000 ____D C:\Users\Taichang\Desktop\防病毒
2013-07-26 23:02 - 2011-10-12 22:06 - 00191288 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kisknl.sys
2013-07-26 23:01 - 2011-10-12 22:06 - 00152888 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kdhacker64.sys
2013-07-26 23:01 - 2011-10-12 22:06 - 00101176 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\kdhacker.sys
2013-07-26 22:52 - 2009-12-10 19:02 - 00000000 __RHD C:\KRECYCLE
2013-07-26 16:56 - 2009-12-10 16:08 - 00000000 ____D C:\Users\Taichang
2013-07-26 11:49 - 2013-07-26 11:49 - 00000000 ____D C:\FRST
2013-07-26 10:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-07-26 10:17 - 2013-07-29 22:01 - 01220112 _____ (Farbar) C:\Users\Taichang\Desktop\FRST.exe
2013-07-25 19:04 - 2013-07-25 19:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 15:25 - 2010-10-13 22:42 - 00000000 ____D C:\ProgramData\KSafe
2013-07-20 23:31 - 2011-10-04 16:32 - 00000000 ____D C:\ProgramData\QvodPlayer
2013-07-20 23:18 - 2013-06-30 23:41 - 00000954 _____ C:\Users\Taichang\AppData\Roaming\coreavc.ini
2013-07-20 23:18 - 2011-10-04 16:32 - 00000000 ____D C:\Media
2013-07-19 10:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-07-18 22:00 - 2013-07-18 21:50 - 00000000 ____D C:\Program Files\Canon
2013-07-18 21:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\DriverStore
2013-07-18 06:20 - 2013-01-01 23:02 - 00172728 _____ (Tencent) C:\Windows\system32\Drivers\QQProtect.sys
2013-07-17 13:07 - 2013-07-17 13:07 - 03159392 _____ (Tencent) C:\Windows\system32\QQPinyin.ime
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-07-16 23:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-07-16 09:07 - 2012-03-31 16:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 21:25 - 2009-12-10 17:21 - 00000000 ____D C:\Users\Taichang\AppData\Local\Adobe
2013-07-15 21:23 - 2012-03-31 16:58 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-15 21:23 - 2011-10-10 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-14 20:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 11:02 - 2013-05-25 15:52 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Ixteo
2013-07-12 11:02 - 2013-05-04 23:46 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\Amwita
2013-07-12 11:02 - 2012-04-25 22:43 - 00000000 ____D C:\Program Files\Free PDF to Word Doc Converter
2013-07-12 09:58 - 2013-07-12 09:58 - 00265408 _____ C:\Users\Taichang\Downloads\Nicht bestätigt 963620.crdownload
2013-07-11 21:02 - 2009-09-29 08:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 00:51 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 00:48 - 2009-09-29 05:58 - 01636108 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 00:47 - 2009-09-29 08:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 00:35 - 2009-10-14 11:38 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 23:59 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 23:43 - 2009-07-14 06:33 - 03970128 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-08 21:01 - 2013-06-29 22:52 - 00000268 _____ C:\Windows\Tasks\PPSProtect.job
2013-07-08 14:03 - 2009-12-15 19:03 - 00000000 ____D C:\Users\Taichang\AppData\Roaming\PPStream
2013-07-07 07:29 - 2013-05-02 21:08 - 00024064 _____ C:\Users\Taichang\Desktop\服事表.xls
2013-07-05 22:25 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 18:03 - 2013-03-19 22:30 - 00104248 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv.sys
2013-07-03 17:04 - 2012-10-24 19:34 - 00000000 ____D C:\Users\Taichang\AppData\Local\liebao
2013-07-03 17:02 - 2013-03-19 22:30 - 00090936 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\KNBDrv64.sys
2013-07-03 17:01 - 2011-10-04 16:32 - 00000000 ____D C:\Program Files\QvodPlayer
2013-07-03 16:58 - 2013-07-03 16:58 - 00001853 _____ C:\Users\Taichang\AppData\Roaming\Microsoft\Windows\Start Menu\影视搜索.lnk
2013-07-03 16:58 - 2012-09-29 22:16 - 00000000 ____D C:\Program Files\QMovie
2013-07-03 00:11 - 2013-07-02 23:37 - 00000000 ____D C:\Users\Taichang\Desktop\2013-07-02 APP
2013-07-01 22:56 - 2013-05-09 09:33 - 00000000 ____D C:\Users\Taichang\Desktop\2013-05-09 APP
2013-07-01 21:46 - 2013-06-12 21:30 - 00000016 _____ C:\Users\Taichang\Desktop\39420.txt
2013-06-30 22:29 - 2013-02-08 11:23 - 00000000 ____D C:\ppsvodcache
2013-06-29 22:52 - 2013-06-29 22:52 - 00000000 ____D C:\Users\Taichang\AppData\Local\idevice
2013-06-29 22:52 - 2009-12-15 19:03 - 00000000 ____D C:\Program Files\PPStream
2013-06-29 22:41 - 2013-06-29 22:41 - 00000000 ___HD C:\ProgramData\PPStreamSetupRes_198424

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-24 12:34

==================== End Of Log ============================
         
--- --- ---


and Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2013
Ran by Taichang at 2013-07-29 22:01:55
Running from C:\Users\Taichang\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 3.4.0.2710)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe InDesign CS5 (Version: 7.0)
Adobe Media Player (Version: 1.8)
Adobe Reader X (10.1.7) - Chinese Simplified (Version: 10.1.7)
ALDI Foto Service (Version: 4.5.9.141)
ALDI Nord Foto Manager Free (Version: 6.0.1.491)
Aldi Nord Fotoservice
ALDI Nord Online Druck Service (Version: 4.5.1.0)
Apple Application Support (Version: 1.2.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Autodesk Express Viewer (Version: 3.1)
AVS Screen Capture version 1.1.2
AVS Update Manager 1.0
AVS Video Editor 5
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Bing Bar (Version: 7.0.791.0)
Bonjour (Version: 1.0.106)
BullGuard 8.7 (Version: 8.7)
Carambis Driver Updater (Version: 1.2.0.2090)
CCB Online e-Bank HDZB V3.6.8.2 (Version: V3.6.8.2)
Cisco AnyConnect VPN Client (Version: 2.5.2014)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco Systems VPN Client 5.0.00.0340 (Version: 5.0.0)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink LabelPrint (Version: 2.5.1927)
CyberLink MediaShow (Version: 4.1.3121)
CyberLink PhotoNow (Version: 1.1.6622)
CyberLink Power2Go (Version: 6.1.3213)
CyberLink PowerDirector (Version: 7.0.3003)
CyberLink PowerDVD 9 (Version: 9.0.2010)
CyberLink PowerDVD Copy (Version: 1.0.6720)
CyberLink PowerProducer (Version: 5.0.2.2124)
CyberLink YouCam (Version: 3.0.2104)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.47.1.0335)
Dassault Systemes Software B17
Dassault Systemes Software B19
Dassault Systemes Software B21
Dassault Systemes Software Prerequisites x86 (Version: 8.1.3)
Dassault Systemes Software VC9 Prerequisites x86 (Version: 9.1.2)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.9)
DivX-Setup (Version: 2.3.0.20)
Driver Detective (Version: 8.0.1)
Epson Copy Utility 3.5 (Version: 3.5.0.0)
EPSON Scan Tool
EPSON-Drucker-Software
e-Wörterbücher
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Firebird SQL Server - MAGIX Edition (Version: 2.1.23.0)
Free Notes & Office Ink
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
FreeCall (Version: 4.07 build 628)
Google Chrome (Version: 28.0.1500.72)
Google Update Helper (Version: 1.3.21.153)
Graphics-Pad MD 41217
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 35 (Version: 6.0.350)
JMicron Ethernet Adapter NDIS Driver (Version: 6.0.10.5)
JMicron Flash Media Controller Driver (Version: 1.0.31.3)
JNLP
Junk Mail filter update (Version: 15.4.3502.0922)
LimeWire 5.5.8 (Version: 5.5.8)
ManyCam 2.5.48 (remove only) (Version: 2.5.48)
MATLAB R2009a (Version: 7.8)
Mechanical Desktop 2004 (Version: 7.0.43.5)
MEDION Fotos auf CD & DVD SE Nord (Version: 8.0.3.4)
Medion Home Cinema (Version: 6.0.0000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Advertising SDK for Windows Phone - DEU (Version: 5.2.819.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Expression Blend 3 SDK (Version: 1.0.1343.0)
Microsoft Expression Blend 4 (Version: 4.0.30816.0)
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (Version: 1.0.20817.0)
Microsoft Expression Blend SDK for .NET 4 (Version: 2.0.20621.0)
Microsoft Expression Blend SDK for Silverlight 4 (Version: 2.0.20621.0)
Microsoft Expression Blend SDK for Windows Phone 7 (Version: 2.0.20901.0)
Microsoft Expression Blend SDK for Windows Phone OS 7.1 (Version: 2.0.30816.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.2.3.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK - Deutsch (Version: 4.0.60310.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - DEU (Version: 10.1.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (Version: 4.0.20823.0)
Microsoft XNA Game Studio Platform Tools (Version: 1.4.0.0)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (de))
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia PC Suite (Version: 7.1.51.0)
Nokia Suite (Version: 3.3.89.0)
PC Connectivity Solution (Version: 11.5.29.0)
PDF Settings CS5 (Version: 10.0)
Pensoft
PPLite 1.0.0.0082
PPSGame V1.2.2.6 (Version: 1.2.2.6)
PPStream V3.1.0.1068 Final (Version: 3.1.0.1068)
QQ拼音输入法4.6 (Version: 4.6)
QQ浏览器7.3 (Version: 7.3.11251.400)
QQ游戏 (Version: 3.1.101.31)
QQ音乐2013 (Version: 2013)
QuickTime (Version: 7.65.17.80)
Realtek High Definition Audio Driver (Version: 6.0.1.5936)
REALTEK Wireless LAN Driver (Version: 1.00.0124)
Safari (Version: 5.31.22.7)
SafeCast Shared Components
Secure Download Manager (Version: 3.0.3)
Skype Click to Call (Version: 5.6.8442)
Skype™ 6.3 (Version: 6.3.105)
SOSO工具栏 (Version: 5.2.4.3)
SSC Service Utility v4.30
Synaptics Pointing Device Driver (Version: 14.0.0.3)
Tencent Traveler 4.8 (Version: 4.8)
TI-Nspire CAS Student Software (Version: 3.0.2.1791)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update f黵 Microsoft Office Excel 2007 Help (KB963678)
Update f黵 Microsoft Office Outlook 2007 Help (KB963677)
Update f黵 Microsoft Office Powerpoint 2007 Help (KB963669)
Update f黵 Microsoft Office Word 2007 Help (KB963665)
VBA (3821b) (Version: 6.01.00.1234)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Visual Basic for Applications (R) Core - English (Version: 6.5.10.32)
Visual Basic for Applications (R) Core (Version: 6.5.10.53)
VLC media player 1.0.3 (Version: 1.0.3)
Vodafone Mobile Connect Lite (Version: 9.3.3.10523)
WCF Data Services SDK for Windows Phone (Version: 4.7.6.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Phone Emulator - DEU (Version: 10.0.40219)
Windows Phone SDK 7.1 - Deutsch (Version: 10.1.40219)
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - DEU (Version: 10.0.40219)
Windows Phone SDK 7.1 Assemblies - deu (Version: 10.0.40219)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
WinSCP 4.2.4 beta (Version: 4.2.4 beta)
WPF Toolkit February 2010 (Version 3.5.50211.1) (Version: 3.5.50211.1)
中国建设银行E路护航网银安全组件安装程序 3.0 (Version: 1.0.0.3)
中国建设银行网银盾 (Version: 3.2.8.1)
傲游云浏览器 (Version: 4.1.0.4000)
大明五洲 建行网银盾 (Version: 2.0.5.15)
小Q书桌
应用助手for Android 1.0 Beta6 (Version: 1.0 Beta6)
影视搜索 (Version: 1.2.0)
快快游戏 (Version: 3.7.361957.787)
快播 5.11.137 (Version: 5.11.137)
快玩 V3.0.1.2 (Version: V3.0.1.2)
我爱小游戏 1.0.3.5 (Version: 1.0.3.5)
搜狐影音 (Version: 4.0.0.129)
搜狐影音3.2.0.0
新毒霸(悟空) (Version: 2013.4.0)
暴风影音5 (Version: 5.23.0415.1431)
猎豹安全浏览器 (Version: 3.6.20.4527)
电脑管家2合1杀毒版 (Version: 7.6 Build 8696)
百度地址栏 (Version: 1.0)
百度工具栏 (Version: 2.3.0.15)
腾讯QQ2013 (Version: 1.95.7681.0)
腾讯中文搜搜 (Version: 5.0.2.18)
腾讯视频 (Version: 8.50.7067.0)
诺基亚 PC 套件 (Version: 7.1.51.0)
迅雷看看播放器
金山卫士4.2正式版 (Version: 4.2.0.2522 正式版)
金山网盾
金山软件基础服务 (Version: 15)
 

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2011-07-17 17:43 - 00001266 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {085C3690-4F16-4297-8807-1DEEB9A22EF1} - \6adf8300 No Task File
Task: {27E33E9F-3880-4C2C-A422-A1F6AF798D6D} - \b0b95a00 No Task File
Task: {28F4EC16-CE21-41AC-92D5-A096BD29A3AB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {313F5180-B21B-456F-89FE-DE68A0959DDB} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon3\Bin\mxup.exe [2013-05-17] (Maxthon International ltd.)
Task: {31A4A241-8711-4F12-8D6E-B6A1B0379F1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-11] (Google Inc.)
Task: {33BE9AB6-630C-4C36-A2C1-BB2D211E3B41} - \9e1a7100 No Task File
Task: {3934188B-6CEB-4D1B-90D4-DBDB1B3BBB5A} - System32\Tasks\AdobeAAMUpdater-1.0-Taichang-PC-Taichang => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {3B00B5CA-0517-4134-A4E8-88E956113FE2} - \11ea2d00 No Task File
Task: {3C8DFF0B-0C4F-41C3-B614-11F947D3AFE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-11] (Google Inc.)
Task: {43221940-8238-49EC-A6CA-AD8C54133789} - \75dc9500 No Task File
Task: {49F52A62-974D-4821-A233-52B0886C0BA6} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {4B9ED91C-8491-4015-A17A-102FA3E16FD9} - \b7803a00 No Task File
Task: {5C54787B-E6BE-4F39-A515-05F45239C125} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {70C569DD-C02E-4482-979B-AD9612907544} - \5d71a000 No Task File
Task: {72390083-3531-4A7B-9C10-E1249F3503D0} - \1ca21800 No Task File
Task: {77C263FF-4EC6-4F36-99ED-06C7F30C0A87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {9EB31B97-A7C7-49A6-8C47-F4DDB91B722A} - \ae070000 No Task File
Task: {A237B636-D61B-40BB-B0DF-BBB8F7AE092B} - \c1016700 No Task File
Task: {A3638478-4793-4D98-83AE-2E083435D422} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {AA73B203-970A-4940-A459-F1A30D2C9D2C} - \7b111b00 No Task File
Task: {ACC64E28-05F5-4D32-BAB7-AD1F34743FF8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {ADD343C3-2C5B-4CF3-8B6A-433C146E92F5} - \cc128a00 No Task File
Task: {BB33545E-3141-4C94-A097-CAFEBB512E05} - \272f7400 No Task File
Task: {D2F7E1D2-791D-4636-94AA-3385DA044E3E} - System32\Tasks\PPSProtect => C:\Program Files\PPStream\PPSProtect.exe [2013-06-07] (PPStream Inc.)
Task: {DA3AC781-1C09-4293-A7B1-D59AFA1FA000} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-440308454-176116510-3628090066-1000Core => C:\Users\Taichang\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-08] (Facebook Inc.)
Task: {E1F32374-FC34-4EAE-A7ED-16FFF1EDB1FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15] (Adobe Systems Incorporated)
Task: {E9099B3A-423E-410C-95AD-034F9779F4C4} - \d8bcf7d8 No Task File
Task: {EFF83EF5-8E33-430E-9D7C-0C66CF4D2D0D} - \a0ccff00 No Task File
Task: {F580253F-D39A-44F6-98E5-0428631D02A1} - System32\Tasks\KsafeDelay => C:\Program Files\Kingsoft\KSafe\KSafeTray.exe [2012-09-22] (Kingsoft Corporation)
Task: {F6743DA2-7E71-4544-A35A-AAA2771A5BD4} - \bee0f800 No Task File
Task: {FCB98DB3-BE8A-42E9-AD56-A8455C199931} - \931a2e00 No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-440308454-176116510-3628090066-1000Core.job => C:\Users\Taichang\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PPSProtect.job => C:\Program Files\PPStream\PPSProtect.exe

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/05/2011 05:37:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/17/2011 05:43:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/22/2011 08:46:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/24/2011 02:09:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/07/2011 05:18:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/28/2011 03:21:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/02/2011 10:14:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/23/2011 09:02:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/11/2011 11:02:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 62 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/11/2011 10:56:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 452 seconds with 420 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 3004.88 MB
Available physical RAM: 2014.11 MB
Total Pagefile: 6008.04 MB
Available Pagefile: 4934.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.96 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:326.52 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:6.21 GB) NTFS
Drive g: (Memory card) (Removable) (Total:0.96 GB) (Free:0.88 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 983 MB) (Disk ID: FFFFFFFF)
No partition Table on disk 1.

==================== End Of Log ============================
         

30.07.2013, 07:19   #12
schrauber
/// the machine
/// TB trainer

Better again


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
