Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ic-0.9d8fbedaf301b8.exe -start] => C:\Users\oliver\AppData\Local\Temp\113257328\ic-0.9d8fbedaf301b8.exe -start <===== ATTENTION
C:\Users\oliver\AppData\Local\Temp\113257328
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe [362304 2016-05-13] (Tencent)
C:\Program Files (x86)\Tencent
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL [X]
C:\Program Files (x86)\SUPERAntiSpyware
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {19471a77-b763-11e3-8259-a4db30eaa69f} - "E:\autorun.exe"
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {19471aa6-b763-11e3-8259-a4db30eaa69f} - "F:\autorun.exe"
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {19471c18-b763-11e3-8259-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {19471d04-b763-11e3-8259-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {207c0123-c1a6-11e3-825e-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {207c0976-c1a6-11e3-825e-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {63fe9841-0c39-11e5-8264-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {63fe9936-0c39-11e5-8264-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {b09f42fb-8162-11e4-825f-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {cd6cbf1e-6786-11e4-825f-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\MountPoints2: {e6d772f0-fa56-11e4-8261-a4db30eaa69f} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
File: C:\Program Files (x86)\3G Voice Modem\HSPALauncher.exe
Tcpip\Parameters: [DhcpNameServer] 168.210.2.2 196.14.239.2
Tcpip\..\Interfaces\{290EC7AD-1445-480D-A04F-A1F7C70EF173}: [DhcpNameServer] 168.210.2.2 196.14.239.2
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
BHO: ????????? -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat [2016-05-13] (Tencent)
CHR Extension: (Google Drive) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
C:\Program Files\Common Files\McAfee
C:\Windows\system32\mfevtps.exe
R2 QQPCRtp; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-05-13] (Tencent)
U2 QQRepairf1f; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairf1f [147176 2016-06-22] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [147176 2016-06-22] ()
C:\Program Files (x86)\Tencent
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-05-18] (Tencent)
R2 qqsysmonx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-05-13] (????)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-05-13] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [179320 2016-06-22] ()
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-05-13] (Tencent)
R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-05-13] (Tencent Technology(Shenzhen) Company Limited)
R3 TcHardWare; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCHW-x64.sys [16552 2016-05-13] (Tencent)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-05-13] (????)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [38520 2016-06-22] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-05-13] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-05-13] ()
R4 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-05-13] (????)
2016-06-18 13:03 - 2016-06-22 21:56 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
2016-06-18 13:03 - 2016-05-13 23:13 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-06-18 13:03 - 2016-05-13 23:13 - 00099480 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
2016-06-18 13:01 - 2016-06-22 21:55 - 00000000 ____D C:\ProgramData\TXQMPC
2016-06-18 13:04 - 2016-05-13 23:11 - 00000000 ____D C:\ProgramData\Tencent
2016-06-17 11:49 - 2016-05-13 23:11 - 00000000 ____D C:\Users\oliver\AppData\Roaming\Tencent
2016-05-23 09:05 - 2016-05-19 10:01 - 377196995 _____ C:\Users\oliver\Downloads\AVG Antivirus Pro 2015 15.0 Build 6081 (x86x64) Multilingual + Keys [4realtorrentz].rar
2013-11-12 01:49 - 2013-11-12 01:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end