CreateRestorePoint:
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rising\Rs.exe
HKLM-x32\...\Run: [mbot_gb_014010002] => [X]
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe [355296 2015-06-13] (Tencent)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll [2015-06-13] (Tencent)
SearchScopes: HKU\S-1-5-21-3488561027-3919077454-2296592760-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat [2015-06-13] (Tencent)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
Winsock: Catalog9-x64 15 C:\Windows\system32\abengine64.dll [409168 2015-06-13] (Abengine)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll [2015-06-13] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin HKU\.DEFAULT: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
R4 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [297608 2015-06-13] (Tencent)
R3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-06-13] (Tencent)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-13] ()
R2 abengine; C:\Program Files (x86)\HighlightSearches\abengine.exe [X]
S2 CoupoonService64; No ImagePath
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUdisk64.sys [62264 2015-06-13] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQSysMonX64.sys [129336 2015-06-13] (电脑管家)
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-06-13] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-13] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-13] (电脑管家)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tscpm64.sys [42296 2015-06-13] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSDefenseBT64.sys [28472 2015-06-13] (Tencent)
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-13] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSSysKit64.sys [87352 2015-06-13] (电脑管家)
2015-06-13 11:08 - 2015-06-13 11:35 - 00000000 ___RD C:\RavBin
2015-06-13 11:08 - 2015-06-13 11:08 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-13 05:06 - 2015-06-13 05:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-13 03:51 - 2015-06-13 03:51 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-13 03:36 - 2015-06-13 12:01 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Tencent
2015-06-13 03:36 - 2015-06-13 03:36 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-13 03:36 - 2015-06-13 03:36 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-06-13 03:35 - 2015-06-13 03:51 - 00000000 ____D C:\ProgramData\Tencent
2015-06-13 03:35 - 2015-06-13 03:35 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-13 03:27 - 2015-06-13 05:34 - 00000000 ____D C:\ProgramData\abc
2015-06-13 03:25 - 2015-06-13 03:25 - 00000000 ____D C:\ProgramData\PastaLeadsAgent
2015-06-13 03:24 - 2015-06-13 03:25 - 00000000 ____D C:\ProgramData\LolliScan
2015-06-13 03:24 - 2015-06-13 03:24 - 00000000 ____D C:\ProgramData\Rising
2015-06-13 03:22 - 2015-06-13 11:36 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-06-13 03:13 - 2015-06-13 03:13 - 00003092 _____ C:\Windows\System32\Tasks\iren3006
2015-06-13 03:12 - 2015-06-13 03:13 - 00009032 _____ C:\Windows\SysWOW64\abengineOff.ini
2015-06-13 03:12 - 2015-06-13 03:13 - 00009032 _____ C:\Windows\system32\abengineOff.ini
2015-06-13 03:12 - 2015-04-22 15:51 - 00409168 _____ (Abengine) C:\Windows\system32\abengine64.dll
2015-06-10 12:02 - 2015-06-10 12:02 - 00000000 ____D C:\Users\Josh\AppData\Local\I Am Bread
2015-06-10 11:36 - 2015-06-10 11:59 - 00000000 ____D C:\Users\Josh\Downloads\I am Bread cracked
2015-06-09 23:57 - 2015-06-09 23:57 - 00002966 _____ C:\Windows\System32\Tasks\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2}
2015-06-09 23:57 - 2015-06-09 23:57 - 00002966 _____ C:\Windows\System32\Tasks\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F}
2015-06-09 23:55 - 2015-06-09 23:55 - 01998432 _____ (BitTorrent Inc.) C:\Users\Josh\Downloads\uTorrent.exe
2015-06-05 22:47 - 2015-06-12 00:29 - 00001131 _____ C:\Users\Josh\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
Task: {048154F1-FEFE-41B2-A40B-5BC351AE5ADF} - System32\Tasks\iren3006 => C:\Program Files (x86)\HighlightSearches\iren3006.exe [2015-04-24] () <==== ATTENTION
Task: {16B527EA-D5D7-4FCE-B632-B22100C18740} - System32\Tasks\{84882BF0-8F4D-4E5F-A61F-EB1AD341037F} => C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-03] (BitTorrent Inc.)
Task: {4B926E2C-DF65-4E0F-BD73-A1963DDEC71A} - System32\Tasks\SystemSoundsService => C:\Users\Josh\AppData\Local\Temp\nsisvc.exe [2015-05-27] () <==== ATTENTION
Task: {4EFCA514-1500-42E1-B274-2C764A488E37} - System32\Tasks\{87D62E7B-A547-4AEB-B91A-61F273B5BAD2} => C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-03] (BitTorrent Inc.)
C:\Program Files (x86)\Rising
C:\Program Files (x86)\Tencent
C:\Program Files (x86)\Coupoon
C:\Windows\Temp\is-S8KJI.tmp
C:\Windows\Temp\is-TVEU7.tmp
C:\Windows\Temp\is-K71JM.tmp
C:\Windows\Temp\is-F2R07.tmp
C:\Program Files (x86)\Common Files\Tencent
C:\Program Files (x86)\HighlightSearches
C:\Users\Josh\AppData\Local\Temp\nsisvc.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers