start
() C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
(风行在线技术有限公司) C:\Users\Dave\AppData\Roaming\Funshion\Funshion.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
HKU\.DEFAULT\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\.DEFAULT\...\Run: [QyKernel] => D:\IQIYI Video\LStyle\QyKernel.exe [504256 2014-07-29] (爱奇艺)
HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-19\...\Run: [QyKernel] => D:\IQIYI Video\LStyle\QyKernel.exe [504256 2014-07-29] (爱奇艺)
HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-20\...\Run: [QyKernel] => D:\IQIYI Video\LStyle\QyKernel.exe [504256 2014-07-29] (爱奇艺)
HKU\S-1-5-21-402487621-2575195799-2967451988-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1238528 2014-04-28] (RemoteMouse.net)
ShellIconOverlayIdentifiers: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers: FunOverlay -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Mindj.dll (Funshion)
ShellIconOverlayIdentifiers-x32: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://210.186.135.208/DVRemoteAx.cab
DPF: HKLM-x32 {9AA03FEC-6582-48B1-BC62-821D4A7B9461} http://175.139.226.39:88/N9_ActiveX.cab?V1203
DPF: HKLM-x32 {AC2721FA-207D-44AE-8673-AE9074FC725C} http://175.136.217.114/DvrOcx.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - No File
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - No File
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou\KGMusic\KUGOO3~1.OCX No File
Handler-x32: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou\KGMusic\KUGOO3~1.OCX No File
Handler-x32: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - No File
Hosts: Hosts file not detected in the default directory
FF Plugin: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll (爱奇艺)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Dave\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @huawei.com/npHWPlugin -> C:\Program Files (x86)\Web_TV\WebTVPlugin\npHWPlugin.dll ()
FF Plugin-x32: @iqiyi.com/npclient -> D:\IQIYI Video\LStyle\npclient.dll ()
FF Plugin-x32: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll (爱奇艺)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Web_TV\WebTVPlugin\\npViewRight.dll No File
FF Plugin HKCU: @pps.tv/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll (爱奇艺)
FF Plugin HKCU: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Web_TV\WebTVPlugin\\npViewRight.dll No File
FF Plugin HKCU: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0004; system32\DRIVERS\bd0004.sys [X]
2014-09-02 15:53 - 2014-09-02 15:53 - 00003242 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-09-02 15:52 - 2014-09-02 15:52 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-09-02 14:40 - 2014-09-02 14:40 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\360safe
2014-09-02 14:32 - 2014-04-15 15:18 - 00180808 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2014-09-02 14:29 - 2014-09-02 14:41 - 00000000 ____D () C:\ProgramData\360SD
2014-09-02 14:29 - 2014-04-23 11:51 - 00077896 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2014-09-02 12:37 - 2014-09-02 12:38 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-09-01 11:25 - 2014-09-01 11:25 - 00001885 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\影视搜索.lnk
2014-08-30 23:26 - 2014-08-30 23:26 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\PushApp
2014-08-30 23:25 - 2014-08-30 23:25 - 00000000 ____D () C:\Users\Dave\AppData\Local\Temp尰
2014-08-27 21:05 - 2014-08-27 21:05 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱奇艺
2014-09-04 14:38 - 2014-09-04 14:38 - 00001790 _____ () C:\sc-cleaner.txt
2014-09-04 14:30 - 2014-09-04 14:30 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Dave\Downloads\sc-cleaner.exe
2014-09-02 13:54 - 2014-07-04 11:34 - 00000000 ___HD () C:\Users\Public\FunAcce
2014-09-02 12:38 - 2014-09-02 12:37 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-09-02 12:28 - 2014-04-21 22:17 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\CloudMedia
2014-09-02 12:09 - 2014-07-15 19:03 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Funshion
2014-08-30 23:25 - 2014-08-30 23:25 - 00000000 ____D () C:\Users\Dave\AppData\Local\Temp尰
2014-08-27 21:05 - 2014-08-27 21:05 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱奇艺
2014-08-27 21:05 - 2014-06-17 15:55 - 00001668 _____ () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱奇艺PPS影音.lnk
2014-08-09 01:47 - 2013-12-23 09:16 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
C:\Users\Dave\AppData\Local\Temp\ose00000.exe
C:\Users\Dave\AppData\Local\Temp\Quarantine.exe
C:\Users\Dave\AppData\Local\Temp\thunder1.5.2.246.exe
2014-07-10 23:57 - 2013-11-19 22:34 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2014-06-24 15:38 - 2014-06-24 15:38 - 00014256 _____ () C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
Task: {34A3A191-A0DA-4699-9BE5-CF2FF9802252} - System32\Tasks\MobProtect => D:\PPS.tv\PPStream\PPSProtect.exe
Task: {363F7DE4-D3C1-49F3-A1F8-34F4AEA7941E} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {E40AB665-38DC-4284-A321-1DACA702F76C} - System32\Tasks\PPSProtect => D:\PPS.tv\PPStream\PPSProtect.exe
D:\PPS.tv
C:\Program Files\GridinSoft Trojan Killer
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
cmd: netsh winsock reset all
cmd: netsh int ip reset all
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Emptytemp:
reboot:
end