Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by user (administrator) on USER-PC (09-04-2018 22:19:43)
Running from F:\
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: 中文(简体,中国)
Internet Explorer Version 9 (Default browser: "c:\users\user\appdata\local\liebao\liebao.exe" "%1")
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [kxesc] => c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe [2065936 2018-02-09] (Kingsoft Corporation)
HKLM-x32\...\Run: [kwifi] => C:\Program Files (x86)\kingsoft\kwifi\kwifi.exe [2354336 2018-01-02] (Kingsoft Corporation)
HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360tray.exe [398944 2017-12-06] (360.cn)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4032058B-B4B2-4DB9-92AD-860F4E5B0098}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-03-10] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon64.dll [2018-02-28] (360.cn)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-03-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-03-10] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon.dll [2018-03-16] (360.cn)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-10] (Microsoft Corporation)
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - No File
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-10] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-10] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-10] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-03-10] (Microsoft Corporation)
FireFox:
========
FF Plugin: @hunantv.com/HunanTVPlugin -> C:\Program Files (x86)\HunanTV\HunanTVPluginsX64.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-10] (Microsoft Corporation)
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [2014-04-22] (360.cn)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.4.2717.9\npxbdcntb.dll [No File]
FF Plugin-x32: @hunantv.com/HunanTVPlugin -> C:\Program Files (x86)\HunanTV\HunanTVPlugins.dll [No File]
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [2018-01-02] (Kingsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-10] (Microsoft Corporation)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [No File]
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @1.qq.com/npqqwebgame -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.9\npqqwebgame.dll [No File]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-06] (Apple Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
S3 dsmainsrv; C:\Program Files (x86)\360\360Safe\deepscan\dsmain.exe [265312 2017-11-22] (360.cn)
S2 knatsvc; C:\Program Files (x86)\kingsoft\kwifi\knatsvc.exe [285272 2017-11-21] (Kingsoft Corporation)
S2 knbcenter; C:\Users\user\AppData\Local\liebao\6.5.115.17898\knbcenter.exe [882936 2018-03-12] (Kingsoft Corporation)
S4 KugouService; C:\Program Files (x86)\KuGou\KGMusic\8.1.51.19889\service.exe [45080 2017-05-15] (酷狗音乐)
S2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [314000 2017-11-27] (Kingsoft Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-11-20] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZhuDongFangYu; C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe [249952 2018-03-20] (360.cn)
U2 DGPNPSEV; c:\Ksafe\Mydrivers\DriverGenius2013\dgservice.exe [X]
S3 pnphost; C:\Program Files (x86)\DTLSoft\USBBox\pnphost.dll [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [183416 2017-10-25] (360.cn)
S1 360AntiHijack; C:\Windows\System32\Drivers\360AntiHijack64.sys [60024 2018-01-08] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330176 2016-11-15] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [49088 2016-11-24] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [435320 2018-03-16] (360.cn)
S1 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [285816 2017-11-07] (360安全中心)
S1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [87160 2018-01-27] (360.cn)
S1 360qpesv; C:\Windows\System32\DRIVERS\360qpesv64.sys [295032 2018-04-09] (360.cn)
S3 360Sensor; C:\Windows\system32\drivers\360Sensor64.sys [34960 2017-06-14] (360.cn)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [206456 2018-02-08] (360.cn)
S0 bootsafe; C:\Windows\System32\Drivers\bootsafe64.sys [116040 2018-02-03] (Kingsoft Corporation)
R0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [176248 2017-12-14] (360.cn)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-27] (Intel Corporation)
S0 KAVBootC; C:\Windows\System32\Drivers\KAVBootC64.sys [54960 2017-10-20] (Kingsoft Corporation)
S1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\KDHacker64.sys [203952 2017-10-20] (Kingsoft Corporation)
S2 kisknl; C:\Windows\system32\drivers\kisknl.sys [344904 2018-01-02] (Kingsoft Corporation)
S1 kisnetm; c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys [109880 2017-10-20] (Kingsoft Corporation)
S2 KNBDrv; C:\Windows\system32\drivers\KNBDrv.sys [151608 2018-03-12] (Kingsoft Corporation)
S2 ksapi64; C:\Windows\System32\drivers\ksapi64.sys [81584 2017-12-09] (Kingsoft Corporation)
S1 LiebaoNAT; C:\Windows\System32\DRIVERS\liebaonat64.sys [41664 2017-11-21] (Kingsoft Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-22] (Intel Corporation)
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19141.213\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19141.213\softaal64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19141.213\TsNetHlpX64.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va061; \??\C:\Windows\SysWOW64\Drivers\X6va061 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: HpSvc -> no filepath.
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-09 22:15 - 2018-04-09 22:19 - 000000000 ____D C:\FRST
2018-04-09 22:12 - 2018-04-09 22:12 - 000000020 ___SH C:\Users\TEMP.user-PC.003\ntuser.ini
2018-04-09 22:12 - 2018-04-09 22:12 - 000000000 _SHDL C:\Users\TEMP.user-PC.003\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-04-09 22:12 - 2018-04-09 22:12 - 000000000 _SHDL C:\Users\TEMP.user-PC.003\「开始」菜单
2018-04-09 22:12 - 2018-04-09 22:12 - 000000000 ____D C:\Users\TEMP.user-PC.003
2018-04-09 22:12 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP.user-PC.003\AppData\Roaming\Media Center Programs
2018-03-15 22:54 - 2018-03-15 23:45 - 000000000 ____D C:\AdwCleaner
2018-03-15 19:19 - 2018-04-09 22:12 - 000415940 _____ C:\Windows\ntbtlog.txt
2018-03-13 14:37 - 2017-06-14 18:29 - 000034960 _____ (360.cn) C:\Windows\system32\Drivers\360Sensor64.sys
2018-03-13 12:06 - 2018-03-13 12:30 - 000000000 ____D C:\Users\TEMP.user-PC.002\AppData\LocalLow\360WD
2018-03-13 11:51 - 2018-03-13 13:44 - 000000000 ____D C:\Users\TEMP.user-PC.002
2018-03-13 11:51 - 2018-03-13 11:51 - 000000000 ____D C:\Users\TEMP.user-PC.002\AppData\Local\liebao
2018-03-13 11:21 - 2018-03-13 11:21 - 000000020 ___SH C:\Users\TEMP.user-PC.001\ntuser.ini
2018-03-13 11:21 - 2018-03-13 11:21 - 000000000 _SHDL C:\Users\TEMP.user-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-03-13 11:21 - 2018-03-13 11:21 - 000000000 _SHDL C:\Users\TEMP.user-PC.001\「开始」菜单
2018-03-13 11:21 - 2018-03-13 11:21 - 000000000 ____D C:\Users\TEMP.user-PC.001\AppData\Local\liebao
2018-03-13 11:21 - 2018-03-13 11:21 - 000000000 ____D C:\Users\TEMP.user-PC.001
2018-03-13 11:21 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP.user-PC.001\AppData\Roaming\Media Center Programs
2018-03-13 10:28 - 2018-03-13 10:28 - 000000020 ___SH C:\Users\TEMP.user-PC.000\ntuser.ini
2018-03-13 10:28 - 2018-03-13 10:28 - 000000000 _SHDL C:\Users\TEMP.user-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-03-13 10:28 - 2018-03-13 10:28 - 000000000 _SHDL C:\Users\TEMP.user-PC.000\「开始」菜单
2018-03-13 10:28 - 2018-03-13 10:28 - 000000000 ____D C:\Users\TEMP.user-PC.000\AppData\Local\liebao
2018-03-13 10:28 - 2018-03-13 10:28 - 000000000 ____D C:\Users\TEMP.user-PC.000
2018-03-13 10:28 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP.user-PC.000\AppData\Roaming\Media Center Programs
2018-03-13 10:05 - 2018-03-13 10:05 - 000000020 ___SH C:\Users\TEMP.user-PC\ntuser.ini
2018-03-13 10:05 - 2018-03-13 10:05 - 000000000 _SHDL C:\Users\TEMP.user-PC\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-03-13 10:05 - 2018-03-13 10:05 - 000000000 _SHDL C:\Users\TEMP.user-PC\「开始」菜单
2018-03-13 10:05 - 2018-03-13 10:05 - 000000000 ____D C:\Users\TEMP.user-PC\AppData\Local\liebao
2018-03-13 10:05 - 2018-03-13 10:05 - 000000000 ____D C:\Users\TEMP.user-PC
2018-03-13 10:05 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP.user-PC\AppData\Roaming\Media Center Programs
2018-03-13 09:57 - 2018-03-13 09:57 - 000006816 ____N C:\bootsqm.dat
2018-03-13 09:49 - 2018-03-13 09:49 - 000000000 __SHD C:\found.000
2018-03-13 08:26 - 2018-03-13 08:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\liebao
2018-03-13 08:25 - 2018-03-13 08:25 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2018-03-13 08:25 - 2018-03-13 08:25 - 000000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-03-13 08:25 - 2018-03-13 08:25 - 000000000 _SHDL C:\Users\TEMP\「开始」菜单
2018-03-13 08:25 - 2018-03-13 08:25 - 000000000 ____D C:\Users\TEMP
2018-03-13 08:25 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2018-03-12 22:56 - 2018-03-12 22:56 - 000001138 _____ C:\Users\user\Desktop\猎豹安全浏览器.lnk
2018-03-12 22:56 - 2018-03-12 22:56 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\猎豹安全浏览器
2018-03-12 22:55 - 2018-03-12 22:55 - 000218440 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv_ev.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000165704 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv64_ev.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000151608 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\KNBDrv64.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000151608 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000122520 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi_ev.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000114776 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000079000 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64_ev.sys
2018-03-12 22:55 - 2017-12-09 01:03 - 000081584 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2018-03-12 22:54 - 2018-03-12 22:56 - 000000000 ____D C:\Users\user\AppData\Local\liebao
2018-03-10 14:48 - 2018-03-10 14:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-09 21:51 - 2009-07-14 06:32 - 000414290 _____ C:\Windows\system32\prfh0804.dat
2018-04-09 21:51 - 2009-07-14 06:32 - 000138510 _____ C:\Windows\system32\prfc0804.dat
2018-04-09 21:51 - 2009-07-14 01:13 - 001414784 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-09 21:36 - 2017-10-20 08:32 - 000000001 _____ C:\Windows\system32\Drivers\360Hvm64.dat
2018-04-09 21:24 - 2017-11-06 09:25 - 000000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-04-09 21:22 - 2016-12-17 03:33 - 000000206 __RSH C:\ProgramData\ntuser.pol
2018-04-09 21:18 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-09 20:47 - 2009-07-14 00:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-09 20:43 - 2009-07-14 00:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-09 20:31 - 2017-10-20 08:36 - 000295032 _____ (360.cn) C:\Windows\system32\Drivers\360qpesv64.sys
2018-03-20 16:29 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-20 15:58 - 2017-10-20 17:09 - 000002044 _____ C:\Users\Public\Desktop\垃圾清理.lnk
2018-03-16 03:37 - 2017-10-20 08:32 - 000435320 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2018-03-16 03:01 - 2017-10-20 08:33 - 000000000 ____D C:\360用户文件
2018-03-12 23:00 - 2017-10-20 08:25 - 000000000 ____D C:\ProgramData\Kingsoft
2018-03-12 22:55 - 2017-10-20 08:33 - 000000000 ____D C:\Users\user\AppData\LocalLow\360WD
2018-03-12 14:29 - 2015-06-12 21:47 - 000000000 ____D C:\Users\user\AppData\Roaming\KuGou8
2018-03-10 14:49 - 2016-11-11 17:01 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-10 14:48 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-03-10 14:45 - 2016-11-11 16:56 - 000000000 ____D C:\Program Files\Microsoft Office
==================== Files in the root of some directories =======
2017-11-01 08:45 - 2017-10-31 20:07 - 000880968 _____ () C:\ProgramData\app.exe
2016-10-27 22:28 - 2016-10-27 22:28 - 001754304 _____ () C:\ProgramData\QQGAMEPBL2024.DLL
2016-10-27 22:28 - 2016-10-27 22:28 - 001447104 _____ () C:\ProgramData\QQGamePBL344.exe
2016-12-07 19:03 - 2016-12-07 19:03 - 001696960 _____ () C:\ProgramData\QQGAMEQCK2205.DLL
2016-12-11 23:14 - 2016-12-11 23:14 - 001389760 _____ () C:\ProgramData\QQGameQCK2432.exe
Some files in TEMP:
====================
2018-03-05 15:03 - 2018-03-12 13:48 - 003082152 _____ (360.cn) C:\Users\user\AppData\Local\Temp\360SafeIme.exe
2017-10-24 16:39 - 2017-10-24 16:39 - 000513840 _____ () C:\Users\user\AppData\Local\Temp\masar_runxx.dl.dll
2017-05-03 17:21 - 2017-05-03 17:21 - 002061064 _____ () C:\Users\user\AppData\Local\Temp\masauto_runxx.dl.dll
2015-08-05 19:58 - 2015-08-05 19:58 - 000518592 _____ () C:\Users\user\AppData\Local\Temp\masblog_runxx.dl.dll
2016-05-06 19:33 - 2016-05-06 19:33 - 001892776 _____ (TODO:) C:\Users\user\AppData\Local\Temp\masflag_runxx.dl.dll
2017-07-19 16:36 - 2017-07-19 16:36 - 001464072 _____ () C:\Users\user\AppData\Local\Temp\QYAgent_runxx.dl.dll
2018-02-06 15:47 - 2018-03-12 22:47 - 000190048 _____ (360.cn) C:\Users\user\AppData\Local\Temp\SimpleIME.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-09 13:04
==================== End of FRST.txt ============================
S1 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [285816 2017-11-07] (360安全中心)
S1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [87160 2018-01-27] (360.cn)
S1 360qpesv; C:\Windows\System32\DRIVERS\360qpesv64.sys [295032 2018-04-09] (360.cn)
S3 360Sensor; C:\Windows\system32\drivers\360Sensor64.sys [34960 2017-06-14] (360.cn)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [206456 2018-02-08] (360.cn)
S0 bootsafe; C:\Windows\System32\Drivers\bootsafe64.sys [116040 2018-02-03] (Kingsoft Corporation)
R0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [176248 2017-12-14] (360.cn)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-27] (Intel Corporation)
S0 KAVBootC; C:\Windows\System32\Drivers\KAVBootC64.sys [54960 2017-10-20] (Kingsoft Corporation)
S1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\KDHacker64.sys [203952 2017-10-20] (Kingsoft Corporation)
S2 kisknl; C:\Windows\system32\drivers\kisknl.sys [344904 2018-01-02] (Kingsoft Corporation)
S1 kisnetm; c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64.sys [109880 2017-10-20] (Kingsoft Corporation)
S2 KNBDrv; C:\Windows\system32\drivers\KNBDrv.sys [151608 2018-03-12] (Kingsoft Corporation)
S2 ksapi64; C:\Windows\System32\drivers\ksapi64.sys [81584 2017-12-09] (Kingsoft Corporation)
S1 LiebaoNAT; C:\Windows\System32\DRIVERS\liebaonat64.sys [41664 2017-11-21] (Kingsoft Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-22] (Intel Corporation)
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19141.213\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19141.213\softaal64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19141.213\TsNetHlpX64.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va061; \??\C:\Windows\SysWOW64\Drivers\X6va061 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: HpSvc -> no filepath.
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-09 22:15 - 2018-04-09 22:19 - 000000000 ____D C:\FRST
2018-04-09 22:12 - 2018-04-09 22:12 - 000000020 ___SH C:\Users\TEMP.user-PC.003\ntuser.ini
2018-04-09 22:12 - 2018-04-09 22:12 - 000000000 _SHDL C:\Users\TEMP.user-PC.003\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-04-09 22:12 - 2018-04-09 22:12 - 000000000 _SHDL C:\Users\TEMP.user-PC.003\「开始」菜单
2018-04-09 22:12 - 2018-04-09 22:12 - 000000000 ____D C:\Users\TEMP.user-PC.003
2018-04-09 22:12 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP.user-PC.003\AppData\Roaming\Media Center Programs
2018-03-15 22:54 - 2018-03-15 23:45 - 000000000 ____D C:\AdwCleaner
2018-03-15 19:19 - 2018-04-09 22:12 - 000415940 _____ C:\Windows\ntbtlog.txt
2018-03-13 14:37 - 2017-06-14 18:29 - 000034960 _____ (360.cn) C:\Windows\system32\Drivers\360Sensor64.sys
2018-03-13 12:06 - 2018-03-13 12:30 - 000000000 ____D C:\Users\TEMP.user-PC.002\AppData\LocalLow\360WD
2018-03-13 11:51 - 2018-03-13 13:44 - 000000000 ____D C:\Users\TEMP.user-PC.002
2018-03-13 11:51 - 2018-03-13 11:51 - 000000000 ____D C:\Users\TEMP.user-PC.002\AppData\Local\liebao
2018-03-13 11:21 - 2018-03-13 11:21 - 000000020 ___SH C:\Users\TEMP.user-PC.001\ntuser.ini
2018-03-13 11:21 - 2018-03-13 11:21 - 000000000 _SHDL C:\Users\TEMP.user-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-03-13 11:21 - 2018-03-13 11:21 - 000000000 _SHDL C:\Users\TEMP.user-PC.001\「开始」菜单
2018-03-13 11:21 - 2018-03-13 11:21 - 000000000 ____D C:\Users\TEMP.user-PC.001\AppData\Local\liebao
2018-03-13 11:21 - 2018-03-13 11:21 - 000000000 ____D C:\Users\TEMP.user-PC.001
2018-03-13 11:21 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP.user-PC.001\AppData\Roaming\Media Center Programs
2018-03-13 10:28 - 2018-03-13 10:28 - 000000020 ___SH C:\Users\TEMP.user-PC.000\ntuser.ini
2018-03-13 10:28 - 2018-03-13 10:28 - 000000000 _SHDL C:\Users\TEMP.user-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-03-13 10:28 - 2018-03-13 10:28 - 000000000 _SHDL C:\Users\TEMP.user-PC.000\「开始」菜单
2018-03-13 10:28 - 2018-03-13 10:28 - 000000000 ____D C:\Users\TEMP.user-PC.000\AppData\Local\liebao
2018-03-13 10:28 - 2018-03-13 10:28 - 000000000 ____D C:\Users\TEMP.user-PC.000
2018-03-13 10:28 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP.user-PC.000\AppData\Roaming\Media Center Programs
2018-03-13 10:05 - 2018-03-13 10:05 - 000000020 ___SH C:\Users\TEMP.user-PC\ntuser.ini
2018-03-13 10:05 - 2018-03-13 10:05 - 000000000 _SHDL C:\Users\TEMP.user-PC\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-03-13 10:05 - 2018-03-13 10:05 - 000000000 _SHDL C:\Users\TEMP.user-PC\「开始」菜单
2018-03-13 10:05 - 2018-03-13 10:05 - 000000000 ____D C:\Users\TEMP.user-PC\AppData\Local\liebao
2018-03-13 10:05 - 2018-03-13 10:05 - 000000000 ____D C:\Users\TEMP.user-PC
2018-03-13 10:05 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP.user-PC\AppData\Roaming\Media Center Programs
2018-03-13 09:57 - 2018-03-13 09:57 - 000006816 ____N C:\bootsqm.dat
2018-03-13 09:49 - 2018-03-13 09:49 - 000000000 __SHD C:\found.000
2018-03-13 08:26 - 2018-03-13 08:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\liebao
2018-03-13 08:25 - 2018-03-13 08:25 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2018-03-13 08:25 - 2018-03-13 08:25 - 000000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2018-03-13 08:25 - 2018-03-13 08:25 - 000000000 _SHDL C:\Users\TEMP\「开始」菜单
2018-03-13 08:25 - 2018-03-13 08:25 - 000000000 ____D C:\Users\TEMP
2018-03-13 08:25 - 2009-07-14 06:44 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2018-03-12 22:56 - 2018-03-12 22:56 - 000001138 _____ C:\Users\user\Desktop\猎豹安全浏览器.lnk
2018-03-12 22:56 - 2018-03-12 22:56 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\猎豹安全浏览器
2018-03-12 22:55 - 2018-03-12 22:55 - 000218440 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv_ev.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000165704 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv64_ev.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000151608 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\KNBDrv64.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000151608 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\knbdrv.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000122520 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi_ev.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000114776 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2018-03-12 22:55 - 2018-03-12 22:55 - 000079000 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64_ev.sys
2018-03-12 22:55 - 2017-12-09 01:03 - 000081584 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2018-03-12 22:54 - 2018-03-12 22:56 - 000000000 ____D C:\Users\user\AppData\Local\liebao
2018-03-10 14:48 - 2018-03-10 14:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-09 21:51 - 2009-07-14 06:32 - 000414290 _____ C:\Windows\system32\prfh0804.dat
2018-04-09 21:51 - 2009-07-14 06:32 - 000138510 _____ C:\Windows\system32\prfc0804.dat
2018-04-09 21:51 - 2009-07-14 01:13 - 001414784 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-09 21:36 - 2017-10-20 08:32 - 000000001 _____ C:\Windows\system32\Drivers\360Hvm64.dat
2018-04-09 21:24 - 2017-11-06 09:25 - 000000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-04-09 21:22 - 2016-12-17 03:33 - 000000206 __RSH C:\ProgramData\ntuser.pol
2018-04-09 21:18 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-09 20:47 - 2009-07-14 00:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-09 20:43 - 2009-07-14 00:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-09 20:31 - 2017-10-20 08:36 - 000295032 _____ (360.cn) C:\Windows\system32\Drivers\360qpesv64.sys
2018-03-20 16:29 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-20 15:58 - 2017-10-20 17:09 - 000002044 _____ C:\Users\Public\Desktop\垃圾清理.lnk
2018-03-16 03:37 - 2017-10-20 08:32 - 000435320 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2018-03-16 03:01 - 2017-10-20 08:33 - 000000000 ____D C:\360用户文件
2018-03-12 23:00 - 2017-10-20 08:25 - 000000000 ____D C:\ProgramData\Kingsoft
2018-03-12 22:55 - 2017-10-20 08:33 - 000000000 ____D C:\Users\user\AppData\LocalLow\360WD
2018-03-12 14:29 - 2015-06-12 21:47 - 000000000 ____D C:\Users\user\AppData\Roaming\KuGou8
2018-03-10 14:49 - 2016-11-11 17:01 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-10 14:48 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-03-10 14:45 - 2016-11-11 16:56 - 000000000 ____D C:\Program Files\Microsoft Office
==================== Files in the root of some directories =======
2017-11-01 08:45 - 2017-10-31 20:07 - 000880968 _____ () C:\ProgramData\app.exe
2016-10-27 22:28 - 2016-10-27 22:28 - 001754304 _____ () C:\ProgramData\QQGAMEPBL2024.DLL
2016-10-27 22:28 - 2016-10-27 22:28 - 001447104 _____ () C:\ProgramData\QQGamePBL344.exe
2016-12-07 19:03 - 2016-12-07 19:03 - 001696960 _____ () C:\ProgramData\QQGAMEQCK2205.DLL
2016-12-11 23:14 - 2016-12-11 23:14 - 001389760 _____ () C:\ProgramData\QQGameQCK2432.exe
Some files in TEMP:
====================
2018-03-05 15:03 - 2018-03-12 13:48 - 003082152 _____ (360.cn) C:\Users\user\AppData\Local\Temp\360SafeIme.exe
2017-10-24 16:39 - 2017-10-24 16:39 - 000513840 _____ () C:\Users\user\AppData\Local\Temp\masar_runxx.dl.dll
2017-05-03 17:21 - 2017-05-03 17:21 - 002061064 _____ () C:\Users\user\AppData\Local\Temp\masauto_runxx.dl.dll
2015-08-05 19:58 - 2015-08-05 19:58 - 000518592 _____ () C:\Users\user\AppData\Local\Temp\masblog_runxx.dl.dll
2016-05-06 19:33 - 2016-05-06 19:33 - 001892776 _____ (TODO:
2017-07-19 16:36 - 2017-07-19 16:36 - 001464072 _____ () C:\Users\user\AppData\Local\Temp\QYAgent_runxx.dl.dll
2018-02-06 15:47 - 2018-03-12 22:47 - 000190048 _____ (360.cn) C:\Users\user\AppData\Local\Temp\SimpleIME.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-09 13:04
==================== End of FRST.txt ============================